PATTERN LIBRARY
Combat-tested regex patterns for cybersecurity operations, digital forensics, and threat hunting.COPY, DEPLOY, DOMINATE
PATTERNS
CATEGORIES
COMBINATIONS
Network & Security
IPv4 Address
Matches IPv4 addresses in logs and network data
\b(?:[0-9]{1,3}\.){3}[0-9]{1,3}\b192.168.1.100, 10.0.0.1
MAC Address
Matches MAC addresses in various formats
([0-9A-Fa-f]{2}[:-]){5}([0-9A-Fa-f]{2})AA:BB:CC:DD:EE:FF, aa-bb-cc-dd-ee-ff
URL/Domain
Matches HTTP/HTTPS URLs and domains
https?:\/\/(www\.)?[-a-zA-Z0-9@:%._\+~#=]{1,256}\.[a-zA-Z0-9()]{1,6}\b([-a-zA-Z0-9()@:%_\+.~#?&//=]*)https://example.com/path?param=value
Port Numbers
Matches port numbers in network addresses
:\d{1,5}\b:80, :443, :8080
File & System
File Paths (Windows)
Matches Windows file paths
[A-Za-z]:\\(?:[^\\/:*?"<>|\r\n]+\\)*[^\\/:*?"<>|\r\n]*C:\Users\Admin\Documents\file.txt
File Paths (Unix)
Matches Unix/Linux file paths
\/(?:[^\s\/]+\/)*[^\s\/]*/home/user/documents/file.txt
Hash Values (MD5/SHA)
Matches MD5 (32) or SHA-256 (64) hash values
\b[a-fA-F0-9]{32,64}\bd41d8cd98f00b204e9800998ecf8427e
Registry Keys
Matches Windows registry keys
HKEY_[A-Z_]+\\[^\n\r]*HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft
Authentication & Data
Email Address
Matches email addresses
[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}Credit Card Numbers
Matches credit card numbers with separators
\b(?:\d[ -]*?){13,16}\b4111 1111 1111 1111, 5555-5555-5555-4444
Social Security Numbers
Matches US Social Security Numbers
\b\d{3}-\d{2}-\d{4}\b123-45-6789
Phone Numbers
Matches US phone numbers in common formats
\(\d{3}\)\s?\d{3}-\d{4}|\d{3}-\d{3}-\d{4}(555) 123-4567, 555-123-4567
Log Analysis
Timestamp (ISO 8601)
Matches ISO 8601 timestamp formats
\d{4}-\d{2}-\d{2}[T ]\d{2}:\d{2}:\d{2}(?:\.\d{3})?(?:Z|[+-]\d{2}:\d{2})?2024-01-15T10:30:45.123Z
HTTP Status Codes
Matches HTTP status codes
\b[1-5]\d{2}\b200, 404, 500
Syslog Priority
Matches syslog priority values
<\d{1,3}><134>, <86>
Process ID (PID)
Matches process IDs in logs
\bPID[:\s]*(\d+)PID: 1234, PID 5678
Threat Intelligence
Bitcoin Address
Matches Bitcoin wallet addresses
\b[13][a-km-zA-HJ-NP-Z1-9]{25,34}\b1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa
CVE Identifiers
Matches Common Vulnerabilities and Exposures IDs
CVE-\d{4}-\d{4,}CVE-2021-44228, CVE-2023-12345
Base64 Data
Matches Base64 encoded strings
(?:[A-Za-z0-9+\/]{4})*(?:[A-Za-z0-9+\/]{2}==|[A-Za-z0-9+\/]{3}=|[A-Za-z0-9+\/]{4})SGVsbG8gV29ybGQ=
Suspicious PowerShell
Matches suspicious PowerShell commands
(Invoke-Expression|IEX|DownloadString|Invoke-WebRequest|powershell\.exe.*-enc)powershell.exe -enc SGVsbG8=
PATTERN TESTER
Test regex patterns against sample data before deploying in production
LIVE PATTERN TESTING
Copy any pattern above and test it against your data
OPERATIONAL SECURITY NOTICE
These regex patterns are provided for legitimate cybersecurity, forensics, and system administration purposes. Always ensure compliance with your organization's policies and applicable laws when processing sensitive data.
BEST PRACTICES:
- • Test patterns in isolated environments before production use
- • Be aware of performance implications with complex patterns
- • Consider privacy implications when matching PII data
- • Document pattern usage for audit and compliance purposes
- • Regular expressions can be CPU-intensive - optimize accordingly