IT-Forensik Dashboard
-Last updated: May 11, 2025
+Last updated: June 24, 2025
A comprehensive collection of regex patterns for digital forensics and security analysis
+\b(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\b\b(?:10\.(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){2}|172\.(?:1[6-9]|2[0-9]|3[01])\.(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.)|192\.168\.(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.)\b(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\b(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?):[0-9]{1,5}\b(?:[0-9a-fA-F]{1,4}:){7}[0-9a-fA-F]{1,4}(?:(?:[0-9a-fA-F]{1,4}:){7}[0-9a-fA-F]{1,4}|(?:[0-9a-fA-F]{1,4}:){1,7}:|(?:[0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|::(?:[0-9a-fA-F]{1,4}:){0,5}[0-9a-fA-F]{1,4}|[0-9a-fA-F]{1,4}::(?:[0-9a-fA-F]{1,4}:){0,5}[0-9a-fA-F]{1,4}|(?:[0-9a-fA-F]{1,4}:){1,5}::(?:[0-9a-fA-F]{1,4}:)?[0-9a-fA-F]{1,4})(?:f[cd][0-9a-fA-F]{2}:|fe80:|::1)(?:[0-9a-fA-F]{2}[:-]){5}[0-9a-fA-F]{2}\b(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\/(?:3[0-2]|[12]?[0-9])\b\b[13][a-km-zA-HJ-NP-Z1-9]{25,34}\b\bbc1[a-z0-9]{39,59}\b\b0x[a-fA-F0-9]{40}\b\b4[0-9AB][0-9a-zA-Z]{93}\b\b[LM3][a-km-zA-HJ-NP-Z1-9]{26,33}\b\br[a-zA-Z0-9]{24,34}\b\bD[5-9A-HJ-NP-U][a-km-zA-HJ-NP-Z1-9]{25,34}\b\bX[a-km-zA-HJ-NP-Z1-9]{33}\b\b0x[a-fA-F0-9]{40}\bhttps?://[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}(?:/[^"\s]*)?\b(?:[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?\.)+[a-zA-Z]{2,}\b[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}ftp://[a-zA-Z0-9.-]+(?:/[^"\s]*)?\b[a-fA-F0-9]{32}\b\b[a-fA-F0-9]{40}\b\b[a-fA-F0-9]{64}\b\b[a-fA-F0-9]{128}\b[A-Za-z0-9+/]{4}*(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=)?[a-zA-Z]:\\(?:[^\\/:*?"<>|\r\n]+\\)*[^\\/:*?"<>|\r\n]*(?:/[^/\0]+)+/?\\\\[a-zA-Z0-9.-]+\\[^\\/:*?"<>|\r\n]+(?:\\[^\\/:*?"<>|\r\n]+)*\.[a-zA-Z0-9]{1,5}\bHKEY_[A-Z_]+(?:\\[^\\]+)*\d{4}-\d{2}-\d{2}[T ]\d{2}:\d{2}:\d{2}(?:\.\d{3})?(?:Z|[+-]\d{2}:?\d{2})?\b1[0-9]{9}\b\d{2}/[A-Za-z]{3}/\d{4}:\d{2}:\d{2}:\d{2} [+-]\d{4}\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}[A-Za-z]{3}\s+\d{1,2}\s+\d{2}:\d{2}:\d{2}^(\S+) \S+ \S+ \[([^\]]+)\] "([^"]+)" (\d{3}) (\d+|-)^(\S+) \S+ \S+ \[([^\]]+)\] "([^"]+)" (\d{3}) (\d+|-) "([^"]*)" "([^"]*)"^(\S+) - (\S+) \[([^\]]+)\] "([^"]+)" (\d{3}) (\d+) "([^"]*)" "([^"]*)"Failed password for (?:invalid user )?(\S+) from (\S+) port (\d+)EventID:\s*(\d+)<Event[^>]*>.*?</Event>\d{4}-\d{2}-\d{2}\s+\d{2}:\d{2}:\d{2}\s+\S+\s+\S+\s+\S+\s+\d+\s+\S+\s+\S+\s+\S+\s+\d+\s+\d+\s+\d+\s+\d+\s+\S+\s+\S+<[A-Za-z0-9$_.-]+@[A-Za-z0-9.-]+>[a-fA-F0-9]{8}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{12}\b(?:\d[ -]*?){13,19}\b\b\d{3}-\d{2}-\d{4}\beyJ[A-Za-z0-9_-]+\.eyJ[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\bPID\s*[:=]?\s*(\d+)\b(?:^|\s)([a-zA-Z0-9_-]+\.exe)\b0x[0-9a-fA-F]{8,16}\b(?:6553[0-5]|655[0-2][0-9]|65[0-4][0-9]{2}|6[0-4][0-9]{3}|[1-5]?[0-9]{1,4})\b(?:'|")?(?:;|--|OR|AND|UNION|SELECT|INSERT|UPDATE|DELETE|DROP|EXEC)(?:\s|$)(?:Server|Data Source|User ID|Password|Database|Initial Catalog)=[^;]+(?:Data Source|Server)=(?:(?:tcp:)?[a-zA-Z0-9.-]+(?:\\[a-zA-Z0-9_]+)?(?:,\d+)?);mongodb(?:\+srv)?://(?:[^:]+:[^@]+@)?[a-zA-Z0-9.-]+(?::\d+)?(?:/[^?]+)?(?:-e[ncodedcommand]*\s+|iex|invoke-expression|downloadstring|downloadfile)TVqQAAMAAAAEAAAA(?:bot|crawler|spider|scraper|curl|wget|python|java)arn:aws:[a-z0-9-]+:[a-z0-9-]*:[0-9]{12}:[a-zA-Z0-9-_/:.]+(?:s3://|https?://s3[.-])([a-z0-9.-]+)(?:/[^"\s]*)?/subscriptions/[a-f0-9-]{36}/resourceGroups/[^/]+/providers/[^/]+/[^/]+/[^/\s]+\b[0-9a-f]{64}\b|\b[0-9a-f]{12}\b[a-z0-9](?:[-a-z0-9]*[a-z0-9])?(?:-[a-z0-9]{5,10})?[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}-----BEGIN (?:RSA |EC )?PRIVATE KEY-----ssh-(?:rsa|ed25519|ecdsa) [A-Za-z0-9+/]+={0,2}Bearer [A-Za-z0-9\-._~+/]+=*ghp_[A-Za-z0-9]{36}AKIA[0-9A-Z]{16}[A-Za-z0-9/+=]{40}[A-Za-z0-9+/]{86}==AIza[0-9A-Za-z\-_]{35}https://hooks\.slack\.com/services/T[A-Z0-9]{8}/B[A-Z0-9]{8}/[A-Za-z0-9]{24}[0-9]{8,10}:[A-Za-z0-9_-]{35}[-+]?(?:[0-8]?[0-9]|90)\.[0-9]+,\s*[-+]?(?:1[0-7][0-9]|[0-9]?[0-9])\.[0-9]+\b(?:35[0-9]{13}|01[0-9]{13}|86[0-9]{13}|99[0-9]{13})\b\b[A-HJ-NPR-Z0-9]{17}\b[A-Z]{2}[0-9]{2}[A-Z0-9]{1,30}@[A-Za-z0-9_]{1,15}\b@[a-zA-Z][a-zA-Z0-9_]{4,31}<@!?[0-9]{17,19}>\b[a-fA-F0-9]{64}\bSHA256:[A-F0-9]{2}(?::[A-F0-9]{2}){31}(?:CN|O|OU|C|ST|L)=[^,]+(?:,\s*(?:CN|O|OU|C|ST|L)=[^,]+)*[a-zA-Z0-9._-]+(?:/[a-zA-Z0-9._-]+)?@[A-Z0-9.-]+(?:CN|OU|DC|O)=[^,]+(?:,(?:CN|OU|DC|O)=[^,]+)*[a-z][a-z0-9_]*(?:\.[a-z0-9_]+)+[a-zA-Z][a-zA-Z0-9-]*(?:\.[a-zA-Z0-9-]+)+[0-9A-F]{8,16}MCC:\s*\d{3}\s*MNC:\s*\d{2,3}S-1-[0-59]-\d{1,10}(?:-\d{1,10})*\b\d{1,10}-\d{1,5}\b(?:VID|PID)_[0-9A-F]{4}\{[A-F0-9]{8}-[A-F0-9]{4}-[A-F0-9]{4}-[A-F0-9]{4}-[A-F0-9]{12}\}(?:cmd|powershell|wscript|cscript|mshta|rundll32)\.exe.*(?:http|ftp|\\\\|base64|encode)\\\\\\.\\pipe\\[a-zA-Z0-9_-]+0x[0-9a-fA-F]+\s*-\s*0x[0-9a-fA-F]+<([a-zA-Z][a-zA-Z0-9]*)\b[^>]*>.*?</\1>\{(?:[^{}]|(?:\{[^{}]*\}))*\}CVE-\d{4}-\d{4,}T\d{4}(?:\.\d{3})?[a-z2-7]{16}\.onion\bmagnet:\?xt=urn:[a-zA-Z0-9]+:[a-fA-F0-9]+\b[a-f0-9]{40}\b|\b[a-f0-9]{7,8}\b\s+at\s+[a-zA-Z0-9.$_]+\([^)]*\)\b(?:GET|POST|PUT|DELETE|HEAD|OPTIONS|PATCH|CONNECT|TRACE)\bHTTP/[0-9.]+\s+[1-5][0-9]{2}\b(?:A|AAAA|CNAME|MX|NS|PTR|SOA|SRV|TXT)\s+(?:IN\s+)?[a-zA-Z0-9.-]+MZ.{58}PE\x00\x00\x7fELF(?:Global\\|Local\\)?[A-Z0-9]{8}-[A-Z0-9]{4}-[A-Z0-9]{4}-[A-Z0-9]{4}-[A-Z0-9]{12}-[Ee](?:ncodedcommand|c)\s+[A-Za-z0-9+/=]+rule\s+[a-zA-Z_][a-zA-Z0-9_]*\s*(?::\s*[a-zA-Z_][a-zA-Z0-9_]*\s*)*\{(?:SERVICE_NAME|DISPLAY_NAME):\s*([^\r\n]+)TaskName:\s*\\([^\r\n]+)[a-z]+/[a-z0-9.+-]+(?:sqlmap|nmap|nikto|havij|acunetix|nessus|metasploit|burp|owasp)#!/usr/bin/(?:env )?python[0-9.]*#!/bin/(?:ba)?shTVqQAAMAAAAEAAAATVo[A-Za-z0-9+/]PK\x03\x04Rar!\x1a\x07%PDF-[0-9.]+PK\x03\x04.{26}(?:word|xl|ppt)/