
AndrewRathbun / DFIRRegex

License: MIT
A repo to centralize some of the regular expressions I've found useful over the course of my DFIR career.

DFIRRegex

A repository to centralize some of the regular expressions I've found useful over the course of my DFIR career. I get sick of hunting down regular expressions all the time, so this is my attempt to centralize them, not only for myself but also for others.

Regex101 links are included to show the expected hits for each regular expression, so you can check its behaviour before using it for your own purposes.

Useful Regular Expressions

Each entry below gives the title, the regular expression, and its Regex101 link and/or source (TBD where none has been added yet).

Title: Age (Under 18)
Regex: ^(0?[1-9]{1}|[1]{1}[0-7]{1})(\s|[-])?(y(\s?)o|yr([sz]?)|year([sz]?)((\s|[-])?(old)?)|y)((\s?|[-])(old)?)$
Links/Source: Regex101; Digital Forensics Discord Server user jball77

Title: BASE64
Regex: ^(?:[A-Za-z0-9+/]{4})*(?:[A-Za-z0-9+/]{2}\=|[A-Za-z0-9+/]{3}=)?$
Links/Source: TBD

Title: Credit Card Numbers
Regex: (^4[0-9]{12}(?:[0-9]{3})?$)|(^(?:5[1-5][0-9]{2}|222[1-9]|22[3-9][0-9]|2[3-6][0-9]{2}|27[01][0-9]|2720)[0-9]{12}$)|(3[47][0-9]{13})|(^3(?:0[0-5]|[68][0-9])[0-9]{11}$)|(^6(?:011|5[0-9]{2})[0-9]{12}$)|(^(?:2131|1800|35\d{3})\d{11}$)
Links/Source: Regex101; IHateRegex

Title: Cut Folder Hierarchy
Regex: .+(?=((\|\/).+){2})
Links/Source: Regex101; RegexLib

Title: Email Addresses
Regex: (([a-zA-Z0-9_\-\.]+)@((\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.)|(([a-zA-Z0-9\-]+\.)+))([a-zA-Z]{2,4}|[0-9]{1,3})(\]?)(\s*;\s*|\s*$))*
Links/Source: Regex101; StackOverflow

Title: Grab Everything Before the First Comma
Regex: ^.[^,]*(?=(\,))
Links/Source: Regex101; N/A

Title: Filenames (Including Extension)
Regex: [^\\\/:*?"<>|\r\n]+$
Links/Source: Regex101; Regular Expressions Cookbook

Title: Filenames (Short/Suspicious)
Regex: ^[\w,\s-]{1,3}\.[a-zA-Z0-9]{2,4}$
Links/Source: Regex101; RegexTester

Title: Hash - MD5
Regex: [a-fA-F0-9]{32}
Links/Source: TBD

Title: Hash - SHA1
Regex: [a-fA-F0-9]{40}
Links/Source: TBD

Title: Hash - SHA256
Regex: [a-fA-F0-9]{64}
Links/Source: TBD

Title: Hash - SHA512
Regex: [a-fA-F0-9]{128}
Links/Source: TBD

Title: Hex
Regex: /^#?([a-f0-9]{6}|[a-f0-9]{3})$/
Links/Source: TBD

Title: IPv4
Regex: \b(?:(?:25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])\.){3}(?:25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])\b
Links/Source: Regex101; bstrings

Title: IPv4 (External Only)
Regex: \b(?!0\.)(?!10\.)(?!100\.6[4-9]\.)(?!100\.[7-9]\d\.)(?!100\.1[0-1]\d\.)(?!100\.12[0-7]\.)(?!127\.)(?!169\.254\.)(?!172\.1[6-9]\.)(?!172\.2[0-9]\.)(?!172\.3[0-1]\.)(?!192\.0\.0\.)(?!192\.0\.2\.)(?!192\.88\.99\.)(?!192\.168\.)(?!198\.1[8-9]\.)(?!198\.51\.100\.)(?!203.0\.113\.)(?!22[4-9]\.)(?!23[0-9]\.)(?!24[0-9]\.)(?!25[0-5]\.)(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]))\b
Links/Source: Regex101; StackOverflow

Title: IPv6
Regex: (([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:)|fe80:(:[0-9a-fA-F]{0,4}){0,4}%[0-9a-zA-Z]{1,}|::(ffff(:0{1,4}){0,1}:){0,1}((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])|([0-9a-fA-F]{1,4}:){1,4}:((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9]))
Links/Source: Regex101; RegexTester

Title: MAC Address
Regex: ^([0-9A-Fa-f]{2}[:-]){5}([0-9A-Fa-f]{2})$
Links/Source: Regex101; StackOverflow

Title: Passwords
Regex: ^(?=.*?[A-Z])(?=.*?[a-z])(?=.*?[0-9])(?=.*?[#?!@$ %^&*-]).{8,}$
Links/Source: Regex101; IHateRegex

Title: Phone Numbers
Regex: ^(\+\d{1,2}\s)?\(?\d{3}\)?[\s.-]?\d{3}[\s.-]?\d{4}$
Links/Source: Regex101; StackOverflow

Title: Remove trailing backslash from every line in a document
Regex: \\+$
Links/Source: Regex101

Title: URLs
Regex: (https?:\/\/)?(www\.)?[-a-zA-Z0-9@:%._\+~#=]{1,256}\.[a-zA-Z0-9()]{1,6}\b([-a-zA-Z0-9()!@:%_\+.~#?&\/\/=]*)
Links/Source: Regex101; mathiasbynens.be; URL Spec; IHateRegex

Title: Valid URLs (Excluding FP from above)
Regex: \b((ht|f)tp(s)?:\/\/|www\.)+[-a-zA-Z0-9@:%._\+~#=]{1,256}\.[a-zA-Z0-9]{2,}((\/)?([-a-zA-Z0-9@:%_\+.~#?&\/=]*)?)\b
Links/Source: Regex101; jball77

Title: US Social Security Numbers
Regex: ^(?!0{3})(?!6{3})[0-8]\d{2}-(?!0{2})\d{2}-(?!0{4})\d{4}$
Links/Source: Regex101; IHateRegex

Title: Username (Discord)
Regex: ^.{3,32}#[0-9]{4}$
Links/Source: Regex101; IHateRegex
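As an added example (not code from the DFIRRegex repository), the Python below runs the hash rows and the two IPv4 rows from the table over a constructed log excerpt. It shows two things the table alone does not: the bare hash patterns carry no word boundaries, so the MD5 pattern also fires on 32-character slices of longer SHA-1 and SHA-256 values, and a dotted version string passes both IPv4 patterns even after the External Only exclusions.

```python
import re

# Patterns copied verbatim from the DFIRRegex table above (hash rows and the two IPv4 rows).
PATTERNS = {
    "md5": r"[a-fA-F0-9]{32}",
    "sha1": r"[a-fA-F0-9]{40}",
    "sha256": r"[a-fA-F0-9]{64}",
    "ipv4": r"\b(?:(?:25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])\.){3}(?:25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])\b",
    "ipv4_external": r"\b(?!0\.)(?!10\.)(?!100\.6[4-9]\.)(?!100\.[7-9]\d\.)(?!100\.1[0-1]\d\.)(?!100\.12[0-7]\.)(?!127\.)(?!169\.254\.)(?!172\.1[6-9]\.)(?!172\.2[0-9]\.)(?!172\.3[0-1]\.)(?!192\.0\.0\.)(?!192\.0\.2\.)(?!192\.88\.99\.)(?!192\.168\.)(?!198\.1[8-9]\.)(?!198\.51\.100\.)(?!203.0\.113\.)(?!22[4-9]\.)(?!23[0-9]\.)(?!24[0-9]\.)(?!25[0-5]\.)(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]))\b",
}

# Constructed sample log excerpt (not real data). The digests are those of the empty
# string; the dst addresses are RFC 5737 documentation ranges; src is RFC 1918.
LOG = """\
2024-01-05 10:22:13 host=ws01 user=jdoe src=192.168.1.20 dst=203.0.113.9 file=report.docx md5=d41d8cd98f00b204e9800998ecf8427e
2024-01-05 10:22:14 host=ws01 sha256=e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 mac=00-1A-2B-3C-4D-5E
2024-01-05 10:22:15 host=ws01 dst=198.51.100.77 agent_version=1.2.3.4 sha1=da39a3ee5e6b4b0d3255bfef95601890afd80709
"""


def hunt(text: str, pattern: str) -> list[str]:
    """Return every non-overlapping hit of pattern in text, in order of appearance."""
    return [m.group(0) for m in re.finditer(pattern, text)]


def bounded(pattern: str) -> str:
    """Add word boundaries so a fixed-length hex pattern cannot fire inside a longer hex run."""
    return rf"\b(?:{pattern})\b"


def hash_hits(text: str, strict: bool) -> dict[str, list[str]]:
    """Hash hits per algorithm, using the table patterns as-is (strict=False) or bounded (strict=True)."""
    out = {}
    for name in ("md5", "sha1", "sha256"):
        pat = bounded(PATTERNS[name]) if strict else PATTERNS[name]
        out[name] = hunt(text, pat)
    return out


if __name__ == "__main__":
    # Unbounded, the MD5 pattern fires 4 times on this log (slices of the SHA-1 and SHA-256 values
    # included); bounded, it fires once, on the real MD5.
    print("unbounded:", {k: len(v) for k, v in hash_hits(LOG, strict=False).items()})
    print("bounded:  ", {k: len(v) for k, v in hash_hits(LOG, strict=True).items()})
    # External Only drops the RFC 1918 and documentation addresses, but the version string 1.2.3.4
    # survives both patterns: review IPv4 hits in context before treating them as indicators.
    print("ipv4:     ", hunt(LOG, PATTERNS["ipv4"]))
    print("external: ", hunt(LOG, PATTERNS["ipv4_external"]))
```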

Regex Resources
