glance.yml aktualisiert
This commit is contained in:
parent
c994bb2a6f
commit
b1e3659893
562
glance.yml
562
glance.yml
@ -33,7 +33,7 @@ pages:
|
|||||||
<div class="p-6 bg-opacity-20 bg-primary rounded mb-4">
|
<div class="p-6 bg-opacity-20 bg-primary rounded mb-4">
|
||||||
<h1 class="size-h2 color-primary mb-2">CC24.DEV</h1>
|
<h1 class="size-h2 color-primary mb-2">CC24.DEV</h1>
|
||||||
<p class="size-h5">IT-Forensik Dashboard</p>
|
<p class="size-h5">IT-Forensik Dashboard</p>
|
||||||
<p class="color-paragraph-faded mt-2">Last updated: May 11, 2025</p>
|
<p class="color-paragraph-faded mt-2">Last updated: June 24, 2025</p>
|
||||||
</div>
|
</div>
|
||||||
<br>
|
<br>
|
||||||
|
|
||||||
@ -856,4 +856,562 @@ pages:
|
|||||||
- title: "cat/less - Dateiinhalte anzeigen"
|
- title: "cat/less - Dateiinhalte anzeigen"
|
||||||
url: "#"
|
url: "#"
|
||||||
- title: "tail -f - Logs überwachen"
|
- title: "tail -f - Logs überwachen"
|
||||||
url: "#"
|
url: "#"
|
||||||
|
- name: "Regex"
|
||||||
|
width: wide
|
||||||
|
columns:
|
||||||
|
- size: full
|
||||||
|
widgets:
|
||||||
|
- type: html
|
||||||
|
source: |
|
||||||
|
<div class="p-6 bg-opacity-10 bg-primary rounded mb-6">
|
||||||
|
<h1 class="size-h1 color-primary mb-4">Forensic Regex Patterns Reference</h1>
|
||||||
|
<p>A comprehensive collection of regex patterns for digital forensics and security analysis</p>
|
||||||
|
</div>
|
||||||
|
|
||||||
|
- type: split-column
|
||||||
|
max-columns: 3
|
||||||
|
widgets:
|
||||||
|
# Network Addresses
|
||||||
|
- type: html
|
||||||
|
source: |
|
||||||
|
<div class="p-4 bg-opacity-10 bg-primary rounded">
|
||||||
|
<h3 class="size-h3 color-highlight mb-3">Network Addresses</h3>
|
||||||
|
|
||||||
|
<h4 class="size-h5 color-primary mt-3 mb-2">IPv4</h4>
|
||||||
|
<pre class="bg-black p-2 rounded overflow-x-auto text-xs"><code>\b(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\b</code></pre>
|
||||||
|
|
||||||
|
<h4 class="size-h5 color-primary mt-3 mb-2">IPv4 Private Ranges</h4>
|
||||||
|
<pre class="bg-black p-2 rounded overflow-x-auto text-xs"><code>\b(?:10\.(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){2}|172\.(?:1[6-9]|2[0-9]|3[01])\.(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.)|192\.168\.(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.)\b(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)</code></pre>
|
||||||
|
|
||||||
|
<h4 class="size-h5 color-primary mt-3 mb-2">IPv4 with Port</h4>
|
||||||
|
<pre class="bg-black p-2 rounded overflow-x-auto text-xs"><code>\b(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?):[0-9]{1,5}\b</code></pre>
|
||||||
|
|
||||||
|
<h4 class="size-h5 color-primary mt-3 mb-2">IPv6 (Simplified)</h4>
|
||||||
|
<pre class="bg-black p-2 rounded overflow-x-auto text-xs"><code>(?:[0-9a-fA-F]{1,4}:){7}[0-9a-fA-F]{1,4}</code></pre>
|
||||||
|
|
||||||
|
<h4 class="size-h5 color-primary mt-3 mb-2">IPv6 (Full)</h4>
|
||||||
|
<pre class="bg-black p-2 rounded overflow-x-auto text-xs"><code>(?:(?:[0-9a-fA-F]{1,4}:){7}[0-9a-fA-F]{1,4}|(?:[0-9a-fA-F]{1,4}:){1,7}:|(?:[0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|::(?:[0-9a-fA-F]{1,4}:){0,5}[0-9a-fA-F]{1,4}|[0-9a-fA-F]{1,4}::(?:[0-9a-fA-F]{1,4}:){0,5}[0-9a-fA-F]{1,4}|(?:[0-9a-fA-F]{1,4}:){1,5}::(?:[0-9a-fA-F]{1,4}:)?[0-9a-fA-F]{1,4})</code></pre>
|
||||||
|
|
||||||
|
<h4 class="size-h5 color-primary mt-3 mb-2">IPv6 Private/Local</h4>
|
||||||
|
<pre class="bg-black p-2 rounded overflow-x-auto text-xs"><code>(?:f[cd][0-9a-fA-F]{2}:|fe80:|::1)</code></pre>
|
||||||
|
|
||||||
|
<h4 class="size-h5 color-primary mt-3 mb-2">MAC Address</h4>
|
||||||
|
<pre class="bg-black p-2 rounded overflow-x-auto text-xs"><code>(?:[0-9a-fA-F]{2}[:-]){5}[0-9a-fA-F]{2}</code></pre>
|
||||||
|
|
||||||
|
<h4 class="size-h5 color-primary mt-3 mb-2">CIDR Notation</h4>
|
||||||
|
<pre class="bg-black p-2 rounded overflow-x-auto text-xs"><code>\b(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\/(?:3[0-2]|[12]?[0-9])\b</code></pre>
|
||||||
|
</div>
|
||||||
|
|
||||||
|
# Cryptocurrency Addresses
|
||||||
|
- type: html
|
||||||
|
source: |
|
||||||
|
<div class="p-4 bg-opacity-10 bg-primary rounded">
|
||||||
|
<h3 class="size-h3 color-highlight mb-3">Cryptocurrency Addresses</h3>
|
||||||
|
|
||||||
|
<h4 class="size-h5 color-primary mt-3 mb-2">Bitcoin (P2PKH/P2SH)</h4>
|
||||||
|
<pre class="bg-black p-2 rounded overflow-x-auto text-xs"><code>\b[13][a-km-zA-HJ-NP-Z1-9]{25,34}\b</code></pre>
|
||||||
|
|
||||||
|
<h4 class="size-h5 color-primary mt-3 mb-2">Bitcoin Bech32</h4>
|
||||||
|
<pre class="bg-black p-2 rounded overflow-x-auto text-xs"><code>\bbc1[a-z0-9]{39,59}\b</code></pre>
|
||||||
|
|
||||||
|
<h4 class="size-h5 color-primary mt-3 mb-2">Ethereum</h4>
|
||||||
|
<pre class="bg-black p-2 rounded overflow-x-auto text-xs"><code>\b0x[a-fA-F0-9]{40}\b</code></pre>
|
||||||
|
|
||||||
|
<h4 class="size-h5 color-primary mt-3 mb-2">Monero</h4>
|
||||||
|
<pre class="bg-black p-2 rounded overflow-x-auto text-xs"><code>\b4[0-9AB][0-9a-zA-Z]{93}\b</code></pre>
|
||||||
|
|
||||||
|
<h4 class="size-h5 color-primary mt-3 mb-2">Litecoin</h4>
|
||||||
|
<pre class="bg-black p-2 rounded overflow-x-auto text-xs"><code>\b[LM3][a-km-zA-HJ-NP-Z1-9]{26,33}\b</code></pre>
|
||||||
|
|
||||||
|
<h4 class="size-h5 color-primary mt-3 mb-2">Ripple</h4>
|
||||||
|
<pre class="bg-black p-2 rounded overflow-x-auto text-xs"><code>\br[a-zA-Z0-9]{24,34}\b</code></pre>
|
||||||
|
|
||||||
|
<h4 class="size-h5 color-primary mt-3 mb-2">Dogecoin</h4>
|
||||||
|
<pre class="bg-black p-2 rounded overflow-x-auto text-xs"><code>\bD[5-9A-HJ-NP-U][a-km-zA-HJ-NP-Z1-9]{25,34}\b</code></pre>
|
||||||
|
|
||||||
|
<h4 class="size-h5 color-primary mt-3 mb-2">Dash</h4>
|
||||||
|
<pre class="bg-black p-2 rounded overflow-x-auto text-xs"><code>\bX[a-km-zA-HJ-NP-Z1-9]{33}\b</code></pre>
|
||||||
|
|
||||||
|
<h4 class="size-h5 color-primary mt-3 mb-2">Tether (USDT) on Ethereum</h4>
|
||||||
|
<pre class="bg-black p-2 rounded overflow-x-auto text-xs"><code>\b0x[a-fA-F0-9]{40}\b</code></pre>
|
||||||
|
</div>
|
||||||
|
|
||||||
|
# Web & Email
|
||||||
|
- type: html
|
||||||
|
source: |
|
||||||
|
<div class="p-4 bg-opacity-10 bg-primary rounded">
|
||||||
|
<h3 class="size-h3 color-highlight mb-3">Web & Email</h3>
|
||||||
|
|
||||||
|
<h4 class="size-h5 color-primary mt-3 mb-2">URL (HTTP/HTTPS)</h4>
|
||||||
|
<pre class="bg-black p-2 rounded overflow-x-auto text-xs"><code>https?://[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}(?:/[^"\s]*)?</code></pre>
|
||||||
|
|
||||||
|
<h4 class="size-h5 color-primary mt-3 mb-2">Domain Name</h4>
|
||||||
|
<pre class="bg-black p-2 rounded overflow-x-auto text-xs"><code>\b(?:[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?\.)+[a-zA-Z]{2,}\b</code></pre>
|
||||||
|
|
||||||
|
<h4 class="size-h5 color-primary mt-3 mb-2">Email Address</h4>
|
||||||
|
<pre class="bg-black p-2 rounded overflow-x-auto text-xs"><code>[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}</code></pre>
|
||||||
|
|
||||||
|
<h4 class="size-h5 color-primary mt-3 mb-2">FTP URL</h4>
|
||||||
|
<pre class="bg-black p-2 rounded overflow-x-auto text-xs"><code>ftp://[a-zA-Z0-9.-]+(?:/[^"\s]*)?</code></pre>
|
||||||
|
</div>
|
||||||
|
|
||||||
|
- type: split-column
|
||||||
|
max-columns: 3
|
||||||
|
widgets:
|
||||||
|
# Hash Values
|
||||||
|
- type: html
|
||||||
|
source: |
|
||||||
|
<div class="p-4 bg-opacity-10 bg-primary rounded">
|
||||||
|
<h3 class="size-h3 color-highlight mb-3">Hash Values</h3>
|
||||||
|
|
||||||
|
<h4 class="size-h5 color-primary mt-3 mb-2">MD5</h4>
|
||||||
|
<pre class="bg-black p-2 rounded overflow-x-auto text-xs"><code>\b[a-fA-F0-9]{32}\b</code></pre>
|
||||||
|
|
||||||
|
<h4 class="size-h5 color-primary mt-3 mb-2">SHA1</h4>
|
||||||
|
<pre class="bg-black p-2 rounded overflow-x-auto text-xs"><code>\b[a-fA-F0-9]{40}\b</code></pre>
|
||||||
|
|
||||||
|
<h4 class="size-h5 color-primary mt-3 mb-2">SHA256</h4>
|
||||||
|
<pre class="bg-black p-2 rounded overflow-x-auto text-xs"><code>\b[a-fA-F0-9]{64}\b</code></pre>
|
||||||
|
|
||||||
|
<h4 class="size-h5 color-primary mt-3 mb-2">SHA512</h4>
|
||||||
|
<pre class="bg-black p-2 rounded overflow-x-auto text-xs"><code>\b[a-fA-F0-9]{128}\b</code></pre>
|
||||||
|
|
||||||
|
<h4 class="size-h5 color-primary mt-3 mb-2">Base64 String</h4>
|
||||||
|
<pre class="bg-black p-2 rounded overflow-x-auto text-xs"><code>[A-Za-z0-9+/]{4}*(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=)?</code></pre>
|
||||||
|
</div>
|
||||||
|
|
||||||
|
# File Paths & Names
|
||||||
|
- type: html
|
||||||
|
source: |
|
||||||
|
<div class="p-4 bg-opacity-10 bg-primary rounded">
|
||||||
|
<h3 class="size-h3 color-highlight mb-3">File Paths & Names</h3>
|
||||||
|
|
||||||
|
<h4 class="size-h5 color-primary mt-3 mb-2">Windows Path</h4>
|
||||||
|
<pre class="bg-black p-2 rounded overflow-x-auto text-xs"><code>[a-zA-Z]:\\(?:[^\\/:*?"<>|\r\n]+\\)*[^\\/:*?"<>|\r\n]*</code></pre>
|
||||||
|
|
||||||
|
<h4 class="size-h5 color-primary mt-3 mb-2">Unix/Linux Path</h4>
|
||||||
|
<pre class="bg-black p-2 rounded overflow-x-auto text-xs"><code>(?:/[^/\0]+)+/?</code></pre>
|
||||||
|
|
||||||
|
<h4 class="size-h5 color-primary mt-3 mb-2">UNC Path</h4>
|
||||||
|
<pre class="bg-black p-2 rounded overflow-x-auto text-xs"><code>\\\\[a-zA-Z0-9.-]+\\[^\\/:*?"<>|\r\n]+(?:\\[^\\/:*?"<>|\r\n]+)*</code></pre>
|
||||||
|
|
||||||
|
<h4 class="size-h5 color-primary mt-3 mb-2">File Extension</h4>
|
||||||
|
<pre class="bg-black p-2 rounded overflow-x-auto text-xs"><code>\.[a-zA-Z0-9]{1,5}\b</code></pre>
|
||||||
|
|
||||||
|
<h4 class="size-h5 color-primary mt-3 mb-2">Registry Key</h4>
|
||||||
|
<pre class="bg-black p-2 rounded overflow-x-auto text-xs"><code>HKEY_[A-Z_]+(?:\\[^\\]+)*</code></pre>
|
||||||
|
</div>
|
||||||
|
|
||||||
|
# Timestamps & Dates
|
||||||
|
- type: html
|
||||||
|
source: |
|
||||||
|
<div class="p-4 bg-opacity-10 bg-primary rounded">
|
||||||
|
<h3 class="size-h3 color-highlight mb-3">Timestamps & Dates</h3>
|
||||||
|
|
||||||
|
<h4 class="size-h5 color-primary mt-3 mb-2">ISO 8601</h4>
|
||||||
|
<pre class="bg-black p-2 rounded overflow-x-auto text-xs"><code>\d{4}-\d{2}-\d{2}[T ]\d{2}:\d{2}:\d{2}(?:\.\d{3})?(?:Z|[+-]\d{2}:?\d{2})?</code></pre>
|
||||||
|
|
||||||
|
<h4 class="size-h5 color-primary mt-3 mb-2">Unix Timestamp</h4>
|
||||||
|
<pre class="bg-black p-2 rounded overflow-x-auto text-xs"><code>\b1[0-9]{9}\b</code></pre>
|
||||||
|
|
||||||
|
<h4 class="size-h5 color-primary mt-3 mb-2">Apache/CLF Log Date</h4>
|
||||||
|
<pre class="bg-black p-2 rounded overflow-x-auto text-xs"><code>\d{2}/[A-Za-z]{3}/\d{4}:\d{2}:\d{2}:\d{2} [+-]\d{4}</code></pre>
|
||||||
|
|
||||||
|
<h4 class="size-h5 color-primary mt-3 mb-2">Windows Event Log Date</h4>
|
||||||
|
<pre class="bg-black p-2 rounded overflow-x-auto text-xs"><code>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}</code></pre>
|
||||||
|
|
||||||
|
<h4 class="size-h5 color-primary mt-3 mb-2">Syslog Date</h4>
|
||||||
|
<pre class="bg-black p-2 rounded overflow-x-auto text-xs"><code>[A-Za-z]{3}\s+\d{1,2}\s+\d{2}:\d{2}:\d{2}</code></pre>
|
||||||
|
</div>
|
||||||
|
|
||||||
|
- type: split-column
|
||||||
|
max-columns: 3
|
||||||
|
widgets:
|
||||||
|
# Log Patterns
|
||||||
|
- type: html
|
||||||
|
source: |
|
||||||
|
<div class="p-4 bg-opacity-10 bg-primary rounded">
|
||||||
|
<h3 class="size-h3 color-highlight mb-3">Log Patterns</h3>
|
||||||
|
|
||||||
|
<h4 class="size-h5 color-primary mt-3 mb-2">Apache Common Log</h4>
|
||||||
|
<pre class="bg-black p-2 rounded overflow-x-auto text-xs"><code>^(\S+) \S+ \S+ \[([^\]]+)\] "([^"]+)" (\d{3}) (\d+|-)</code></pre>
|
||||||
|
|
||||||
|
<h4 class="size-h5 color-primary mt-3 mb-2">Apache Combined Log</h4>
|
||||||
|
<pre class="bg-black p-2 rounded overflow-x-auto text-xs"><code>^(\S+) \S+ \S+ \[([^\]]+)\] "([^"]+)" (\d{3}) (\d+|-) "([^"]*)" "([^"]*)"</code></pre>
|
||||||
|
|
||||||
|
<h4 class="size-h5 color-primary mt-3 mb-2">Nginx Access Log</h4>
|
||||||
|
<pre class="bg-black p-2 rounded overflow-x-auto text-xs"><code>^(\S+) - (\S+) \[([^\]]+)\] "([^"]+)" (\d{3}) (\d+) "([^"]*)" "([^"]*)"</code></pre>
|
||||||
|
|
||||||
|
<h4 class="size-h5 color-primary mt-3 mb-2">SSH Failed Login</h4>
|
||||||
|
<pre class="bg-black p-2 rounded overflow-x-auto text-xs"><code>Failed password for (?:invalid user )?(\S+) from (\S+) port (\d+)</code></pre>
|
||||||
|
|
||||||
|
<h4 class="size-h5 color-primary mt-3 mb-2">Windows Security Event ID</h4>
|
||||||
|
<pre class="bg-black p-2 rounded overflow-x-auto text-xs"><code>EventID:\s*(\d+)</code></pre>
|
||||||
|
|
||||||
|
<h4 class="size-h5 color-primary mt-3 mb-2">Windows Event XML</h4>
|
||||||
|
<pre class="bg-black p-2 rounded overflow-x-auto text-xs"><code><Event[^>]*>.*?</Event></code></pre>
|
||||||
|
|
||||||
|
<h4 class="size-h5 color-primary mt-3 mb-2">IIS Log Entry</h4>
|
||||||
|
<pre class="bg-black p-2 rounded overflow-x-auto text-xs"><code>\d{4}-\d{2}-\d{2}\s+\d{2}:\d{2}:\d{2}\s+\S+\s+\S+\s+\S+\s+\d+\s+\S+\s+\S+\s+\S+\s+\d+\s+\d+\s+\d+\s+\d+\s+\S+\s+\S+</code></pre>
|
||||||
|
|
||||||
|
<h4 class="size-h5 color-primary mt-3 mb-2">Exchange Message ID</h4>
|
||||||
|
<pre class="bg-black p-2 rounded overflow-x-auto text-xs"><code><[A-Za-z0-9$_.-]+@[A-Za-z0-9.-]+></code></pre>
|
||||||
|
</div>
|
||||||
|
|
||||||
|
# Identifiers & Keys
|
||||||
|
- type: html
|
||||||
|
source: |
|
||||||
|
<div class="p-4 bg-opacity-10 bg-primary rounded">
|
||||||
|
<h3 class="size-h3 color-highlight mb-3">Identifiers & Keys</h3>
|
||||||
|
|
||||||
|
<h4 class="size-h5 color-primary mt-3 mb-2">UUID/GUID</h4>
|
||||||
|
<pre class="bg-black p-2 rounded overflow-x-auto text-xs"><code>[a-fA-F0-9]{8}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{12}</code></pre>
|
||||||
|
|
||||||
|
<h4 class="size-h5 color-primary mt-3 mb-2">Credit Card (Basic)</h4>
|
||||||
|
<pre class="bg-black p-2 rounded overflow-x-auto text-xs"><code>\b(?:\d[ -]*?){13,19}\b</code></pre>
|
||||||
|
|
||||||
|
<h4 class="size-h5 color-primary mt-3 mb-2">SSN (US)</h4>
|
||||||
|
<pre class="bg-black p-2 rounded overflow-x-auto text-xs"><code>\b\d{3}-\d{2}-\d{4}\b</code></pre>
|
||||||
|
|
||||||
|
<h4 class="size-h5 color-primary mt-3 mb-2">JWT Token</h4>
|
||||||
|
<pre class="bg-black p-2 rounded overflow-x-auto text-xs"><code>eyJ[A-Za-z0-9_-]+\.eyJ[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+</code></pre>
|
||||||
|
</div>
|
||||||
|
|
||||||
|
# System & Process
|
||||||
|
- type: html
|
||||||
|
source: |
|
||||||
|
<div class="p-4 bg-opacity-10 bg-primary rounded">
|
||||||
|
<h3 class="size-h3 color-highlight mb-3">System & Process</h3>
|
||||||
|
|
||||||
|
<h4 class="size-h5 color-primary mt-3 mb-2">PID</h4>
|
||||||
|
<pre class="bg-black p-2 rounded overflow-x-auto text-xs"><code>\bPID\s*[:=]?\s*(\d+)\b</code></pre>
|
||||||
|
|
||||||
|
<h4 class="size-h5 color-primary mt-3 mb-2">Process Name</h4>
|
||||||
|
<pre class="bg-black p-2 rounded overflow-x-auto text-xs"><code>(?:^|\s)([a-zA-Z0-9_-]+\.exe)\b</code></pre>
|
||||||
|
|
||||||
|
<h4 class="size-h5 color-primary mt-3 mb-2">Memory Address</h4>
|
||||||
|
<pre class="bg-black p-2 rounded overflow-x-auto text-xs"><code>0x[0-9a-fA-F]{8,16}</code></pre>
|
||||||
|
|
||||||
|
<h4 class="size-h5 color-primary mt-3 mb-2">Port Number</h4>
|
||||||
|
<pre class="bg-black p-2 rounded overflow-x-auto text-xs"><code>\b(?:6553[0-5]|655[0-2][0-9]|65[0-4][0-9]{2}|6[0-4][0-9]{3}|[1-5]?[0-9]{1,4})\b</code></pre>
|
||||||
|
</div>
|
||||||
|
|
||||||
|
- type: split-column
|
||||||
|
max-columns: 3
|
||||||
|
widgets:
|
||||||
|
# Database & SQL
|
||||||
|
- type: html
|
||||||
|
source: |
|
||||||
|
<div class="p-4 bg-opacity-10 bg-primary rounded">
|
||||||
|
<h3 class="size-h3 color-highlight mb-3">Database & SQL</h3>
|
||||||
|
|
||||||
|
<h4 class="size-h5 color-primary mt-3 mb-2">SQL Injection Pattern</h4>
|
||||||
|
<pre class="bg-black p-2 rounded overflow-x-auto text-xs"><code>(?:'|")?(?:;|--|OR|AND|UNION|SELECT|INSERT|UPDATE|DELETE|DROP|EXEC)(?:\s|$)</code></pre>
|
||||||
|
|
||||||
|
<h4 class="size-h5 color-primary mt-3 mb-2">Connection String</h4>
|
||||||
|
<pre class="bg-black p-2 rounded overflow-x-auto text-xs"><code>(?:Server|Data Source|User ID|Password|Database|Initial Catalog)=[^;]+</code></pre>
|
||||||
|
|
||||||
|
<h4 class="size-h5 color-primary mt-3 mb-2">SQL Server Connection</h4>
|
||||||
|
<pre class="bg-black p-2 rounded overflow-x-auto text-xs"><code>(?:Data Source|Server)=(?:(?:tcp:)?[a-zA-Z0-9.-]+(?:\\[a-zA-Z0-9_]+)?(?:,\d+)?);</code></pre>
|
||||||
|
|
||||||
|
<h4 class="size-h5 color-primary mt-3 mb-2">MongoDB Connection</h4>
|
||||||
|
<pre class="bg-black p-2 rounded overflow-x-auto text-xs"><code>mongodb(?:\+srv)?://(?:[^:]+:[^@]+@)?[a-zA-Z0-9.-]+(?::\d+)?(?:/[^?]+)?</code></pre>
|
||||||
|
</div>
|
||||||
|
|
||||||
|
# Malware Indicators
|
||||||
|
- type: html
|
||||||
|
source: |
|
||||||
|
<div class="p-4 bg-opacity-10 bg-primary rounded">
|
||||||
|
<h3 class="size-h3 color-highlight mb-3">Malware Indicators</h3>
|
||||||
|
|
||||||
|
<h4 class="size-h5 color-primary mt-3 mb-2">Suspicious PowerShell</h4>
|
||||||
|
<pre class="bg-black p-2 rounded overflow-x-auto text-xs"><code>(?:-e[ncodedcommand]*\s+|iex|invoke-expression|downloadstring|downloadfile)</code></pre>
|
||||||
|
|
||||||
|
<h4 class="size-h5 color-primary mt-3 mb-2">Base64 Encoded Executable</h4>
|
||||||
|
<pre class="bg-black p-2 rounded overflow-x-auto text-xs"><code>TVqQAAMAAAAEAAAA</code></pre>
|
||||||
|
|
||||||
|
<h4 class="size-h5 color-primary mt-3 mb-2">Suspicious User Agent</h4>
|
||||||
|
<pre class="bg-black p-2 rounded overflow-x-auto text-xs"><code>(?:bot|crawler|spider|scraper|curl|wget|python|java)</code></pre>
|
||||||
|
</div>
|
||||||
|
|
||||||
|
# Cloud & Infrastructure
|
||||||
|
- type: html
|
||||||
|
source: |
|
||||||
|
<div class="p-4 bg-opacity-10 bg-primary rounded">
|
||||||
|
<h3 class="size-h3 color-highlight mb-3">Cloud & Infrastructure</h3>
|
||||||
|
|
||||||
|
<h4 class="size-h5 color-primary mt-3 mb-2">AWS ARN</h4>
|
||||||
|
<pre class="bg-black p-2 rounded overflow-x-auto text-xs"><code>arn:aws:[a-z0-9-]+:[a-z0-9-]*:[0-9]{12}:[a-zA-Z0-9-_/:.]+</code></pre>
|
||||||
|
|
||||||
|
<h4 class="size-h5 color-primary mt-3 mb-2">S3 Bucket URL</h4>
|
||||||
|
<pre class="bg-black p-2 rounded overflow-x-auto text-xs"><code>(?:s3://|https?://s3[.-])([a-z0-9.-]+)(?:/[^"\s]*)?</code></pre>
|
||||||
|
|
||||||
|
<h4 class="size-h5 color-primary mt-3 mb-2">Azure Resource ID</h4>
|
||||||
|
<pre class="bg-black p-2 rounded overflow-x-auto text-xs"><code>/subscriptions/[a-f0-9-]{36}/resourceGroups/[^/]+/providers/[^/]+/[^/]+/[^/\s]+</code></pre>
|
||||||
|
|
||||||
|
<h4 class="size-h5 color-primary mt-3 mb-2">Docker Container ID</h4>
|
||||||
|
<pre class="bg-black p-2 rounded overflow-x-auto text-xs"><code>\b[0-9a-f]{64}\b|\b[0-9a-f]{12}\b</code></pre>
|
||||||
|
|
||||||
|
<h4 class="size-h5 color-primary mt-3 mb-2">Kubernetes Pod Name</h4>
|
||||||
|
<pre class="bg-black p-2 rounded overflow-x-auto text-xs"><code>[a-z0-9](?:[-a-z0-9]*[a-z0-9])?(?:-[a-z0-9]{5,10})?</code></pre>
|
||||||
|
|
||||||
|
<h4 class="size-h5 color-primary mt-3 mb-2">VMware UUID</h4>
|
||||||
|
<pre class="bg-black p-2 rounded overflow-x-auto text-xs"><code>[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}</code></pre>
|
||||||
|
</div>
|
||||||
|
|
||||||
|
- type: split-column
|
||||||
|
max-columns: 3
|
||||||
|
widgets:
|
||||||
|
# Authentication & Keys
|
||||||
|
- type: html
|
||||||
|
source: |
|
||||||
|
<div class="p-4 bg-opacity-10 bg-primary rounded">
|
||||||
|
<h3 class="size-h3 color-highlight mb-3">Authentication & Keys</h3>
|
||||||
|
|
||||||
|
<h4 class="size-h5 color-primary mt-3 mb-2">PEM Private Key</h4>
|
||||||
|
<pre class="bg-black p-2 rounded overflow-x-auto text-xs"><code>-----BEGIN (?:RSA |EC )?PRIVATE KEY-----</code></pre>
|
||||||
|
|
||||||
|
<h4 class="size-h5 color-primary mt-3 mb-2">SSH Public Key</h4>
|
||||||
|
<pre class="bg-black p-2 rounded overflow-x-auto text-xs"><code>ssh-(?:rsa|ed25519|ecdsa) [A-Za-z0-9+/]+={0,2}</code></pre>
|
||||||
|
|
||||||
|
<h4 class="size-h5 color-primary mt-3 mb-2">OAuth2 Bearer Token</h4>
|
||||||
|
<pre class="bg-black p-2 rounded overflow-x-auto text-xs"><code>Bearer [A-Za-z0-9\-._~+/]+=*</code></pre>
|
||||||
|
|
||||||
|
<h4 class="size-h5 color-primary mt-3 mb-2">GitHub Personal Access Token</h4>
|
||||||
|
<pre class="bg-black p-2 rounded overflow-x-auto text-xs"><code>ghp_[A-Za-z0-9]{36}</code></pre>
|
||||||
|
|
||||||
|
<h4 class="size-h5 color-primary mt-3 mb-2">AWS Access Key</h4>
|
||||||
|
<pre class="bg-black p-2 rounded overflow-x-auto text-xs"><code>AKIA[0-9A-Z]{16}</code></pre>
|
||||||
|
|
||||||
|
<h4 class="size-h5 color-primary mt-3 mb-2">AWS Secret Key (Context)</h4>
|
||||||
|
<pre class="bg-black p-2 rounded overflow-x-auto text-xs"><code>[A-Za-z0-9/+=]{40}</code></pre>
|
||||||
|
|
||||||
|
<h4 class="size-h5 color-primary mt-3 mb-2">Azure Storage Key</h4>
|
||||||
|
<pre class="bg-black p-2 rounded overflow-x-auto text-xs"><code>[A-Za-z0-9+/]{86}==</code></pre>
|
||||||
|
|
||||||
|
<h4 class="size-h5 color-primary mt-3 mb-2">Google API Key</h4>
|
||||||
|
<pre class="bg-black p-2 rounded overflow-x-auto text-xs"><code>AIza[0-9A-Za-z\-_]{35}</code></pre>
|
||||||
|
|
||||||
|
<h4 class="size-h5 color-primary mt-3 mb-2">Slack Webhook</h4>
|
||||||
|
<pre class="bg-black p-2 rounded overflow-x-auto text-xs"><code>https://hooks\.slack\.com/services/T[A-Z0-9]{8}/B[A-Z0-9]{8}/[A-Za-z0-9]{24}</code></pre>
|
||||||
|
|
||||||
|
<h4 class="size-h5 color-primary mt-3 mb-2">Telegram Bot Token</h4>
|
||||||
|
<pre class="bg-black p-2 rounded overflow-x-auto text-xs"><code>[0-9]{8,10}:[A-Za-z0-9_-]{35}</code></pre>
|
||||||
|
</div>
|
||||||
|
|
||||||
|
# Geographic & Tracking
|
||||||
|
- type: html
|
||||||
|
source: |
|
||||||
|
<div class="p-4 bg-opacity-10 bg-primary rounded">
|
||||||
|
<h3 class="size-h3 color-highlight mb-3">Geographic & Tracking</h3>
|
||||||
|
|
||||||
|
<h4 class="size-h5 color-primary mt-3 mb-2">GPS Coordinates</h4>
|
||||||
|
<pre class="bg-black p-2 rounded overflow-x-auto text-xs"><code>[-+]?(?:[0-8]?[0-9]|90)\.[0-9]+,\s*[-+]?(?:1[0-7][0-9]|[0-9]?[0-9])\.[0-9]+</code></pre>
|
||||||
|
|
||||||
|
<h4 class="size-h5 color-primary mt-3 mb-2">IMEI Number</h4>
|
||||||
|
<pre class="bg-black p-2 rounded overflow-x-auto text-xs"><code>\b(?:35[0-9]{13}|01[0-9]{13}|86[0-9]{13}|99[0-9]{13})\b</code></pre>
|
||||||
|
|
||||||
|
<h4 class="size-h5 color-primary mt-3 mb-2">VIN (Vehicle)</h4>
|
||||||
|
<pre class="bg-black p-2 rounded overflow-x-auto text-xs"><code>\b[A-HJ-NPR-Z0-9]{17}\b</code></pre>
|
||||||
|
|
||||||
|
<h4 class="size-h5 color-primary mt-3 mb-2">IBAN</h4>
|
||||||
|
<pre class="bg-black p-2 rounded overflow-x-auto text-xs"><code>[A-Z]{2}[0-9]{2}[A-Z0-9]{1,30}</code></pre>
|
||||||
|
</div>
|
||||||
|
|
||||||
|
# Social Media & Messaging
|
||||||
|
- type: html
|
||||||
|
source: |
|
||||||
|
<div class="p-4 bg-opacity-10 bg-primary rounded">
|
||||||
|
<h3 class="size-h3 color-highlight mb-3">Social Media & Messaging</h3>
|
||||||
|
|
||||||
|
<h4 class="size-h5 color-primary mt-3 mb-2">Twitter/X Handle</h4>
|
||||||
|
<pre class="bg-black p-2 rounded overflow-x-auto text-xs"><code>@[A-Za-z0-9_]{1,15}\b</code></pre>
|
||||||
|
|
||||||
|
<h4 class="size-h5 color-primary mt-3 mb-2">Telegram Username</h4>
|
||||||
|
<pre class="bg-black p-2 rounded overflow-x-auto text-xs"><code>@[a-zA-Z][a-zA-Z0-9_]{4,31}</code></pre>
|
||||||
|
|
||||||
|
<h4 class="size-h5 color-primary mt-3 mb-2">Discord ID</h4>
|
||||||
|
<pre class="bg-black p-2 rounded overflow-x-auto text-xs"><code><@!?[0-9]{17,19}></code></pre>
|
||||||
|
|
||||||
|
<h4 class="size-h5 color-primary mt-3 mb-2">Bitcoin Transaction ID</h4>
|
||||||
|
<pre class="bg-black p-2 rounded overflow-x-auto text-xs"><code>\b[a-fA-F0-9]{64}\b</code></pre>
|
||||||
|
|
||||||
|
<h4 class="size-h5 color-primary mt-3 mb-2">TLS Certificate Fingerprint (SHA256)</h4>
|
||||||
|
<pre class="bg-black p-2 rounded overflow-x-auto text-xs"><code>SHA256:[A-F0-9]{2}(?::[A-F0-9]{2}){31}</code></pre>
|
||||||
|
|
||||||
|
<h4 class="size-h5 color-primary mt-3 mb-2">X509 Certificate Subject</h4>
|
||||||
|
<pre class="bg-black p-2 rounded overflow-x-auto text-xs"><code>(?:CN|O|OU|C|ST|L)=[^,]+(?:,\s*(?:CN|O|OU|C|ST|L)=[^,]+)*</code></pre>
|
||||||
|
|
||||||
|
<h4 class="size-h5 color-primary mt-3 mb-2">Kerberos Principal</h4>
|
||||||
|
<pre class="bg-black p-2 rounded overflow-x-auto text-xs"><code>[a-zA-Z0-9._-]+(?:/[a-zA-Z0-9._-]+)?@[A-Z0-9.-]+</code></pre>
|
||||||
|
|
||||||
|
<h4 class="size-h5 color-primary mt-3 mb-2">LDAP DN</h4>
|
||||||
|
<pre class="bg-black p-2 rounded overflow-x-auto text-xs"><code>(?:CN|OU|DC|O)=[^,]+(?:,(?:CN|OU|DC|O)=[^,]+)*</code></pre>
|
||||||
|
</div>
|
||||||
|
|
||||||
|
- type: split-column
|
||||||
|
max-columns: 3
|
||||||
|
widgets:
|
||||||
|
# Mobile Forensics
|
||||||
|
- type: html
|
||||||
|
source: |
|
||||||
|
<div class="p-4 bg-opacity-10 bg-primary rounded">
|
||||||
|
<h3 class="size-h3 color-highlight mb-3">Mobile Forensics</h3>
|
||||||
|
|
||||||
|
<h4 class="size-h5 color-primary mt-3 mb-2">Android Package Name</h4>
|
||||||
|
<pre class="bg-black p-2 rounded overflow-x-auto text-xs"><code>[a-z][a-z0-9_]*(?:\.[a-z0-9_]+)+</code></pre>
|
||||||
|
|
||||||
|
<h4 class="size-h5 color-primary mt-3 mb-2">iOS Bundle ID</h4>
|
||||||
|
<pre class="bg-black p-2 rounded overflow-x-auto text-xs"><code>[a-zA-Z][a-zA-Z0-9-]*(?:\.[a-zA-Z0-9-]+)+</code></pre>
|
||||||
|
|
||||||
|
<h4 class="size-h5 color-primary mt-3 mb-2">Android ADB Device</h4>
|
||||||
|
<pre class="bg-black p-2 rounded overflow-x-auto text-xs"><code>[0-9A-F]{8,16}</code></pre>
|
||||||
|
|
||||||
|
<h4 class="size-h5 color-primary mt-3 mb-2">Mobile Country/Network Code</h4>
|
||||||
|
<pre class="bg-black p-2 rounded overflow-x-auto text-xs"><code>MCC:\s*\d{3}\s*MNC:\s*\d{2,3}</code></pre>
|
||||||
|
</div>
|
||||||
|
|
||||||
|
# Forensic Artifacts
|
||||||
|
- type: html
|
||||||
|
source: |
|
||||||
|
<div class="p-4 bg-opacity-10 bg-primary rounded">
|
||||||
|
<h3 class="size-h3 color-highlight mb-3">Forensic Artifacts</h3>
|
||||||
|
|
||||||
|
<h4 class="size-h5 color-primary mt-3 mb-2">Windows SID</h4>
|
||||||
|
<pre class="bg-black p-2 rounded overflow-x-auto text-xs"><code>S-1-[0-59]-\d{1,10}(?:-\d{1,10})*</code></pre>
|
||||||
|
|
||||||
|
<h4 class="size-h5 color-primary mt-3 mb-2">NTFS MFT Reference</h4>
|
||||||
|
<pre class="bg-black p-2 rounded overflow-x-auto text-xs"><code>\b\d{1,10}-\d{1,5}\b</code></pre>
|
||||||
|
|
||||||
|
<h4 class="size-h5 color-primary mt-3 mb-2">USB Device ID</h4>
|
||||||
|
<pre class="bg-black p-2 rounded overflow-x-auto text-xs"><code>(?:VID|PID)_[0-9A-F]{4}</code></pre>
|
||||||
|
|
||||||
|
<h4 class="size-h5 color-primary mt-3 mb-2">Windows GUID (Registry Format)</h4>
|
||||||
|
<pre class="bg-black p-2 rounded overflow-x-auto text-xs"><code>\{[A-F0-9]{8}-[A-F0-9]{4}-[A-F0-9]{4}-[A-F0-9]{4}-[A-F0-9]{12}\}</code></pre>
|
||||||
|
|
||||||
|
<h4 class="size-h5 color-primary mt-3 mb-2">Process Command Line (Suspicious)</h4>
|
||||||
|
<pre class="bg-black p-2 rounded overflow-x-auto text-xs"><code>(?:cmd|powershell|wscript|cscript|mshta|rundll32)\.exe.*(?:http|ftp|\\\\|base64|encode)</code></pre>
|
||||||
|
|
||||||
|
<h4 class="size-h5 color-primary mt-3 mb-2">Named Pipe</h4>
|
||||||
|
<pre class="bg-black p-2 rounded overflow-x-auto text-xs"><code>\\\\\\.\\pipe\\[a-zA-Z0-9_-]+</code></pre>
|
||||||
|
|
||||||
|
<h4 class="size-h5 color-primary mt-3 mb-2">Memory Region</h4>
|
||||||
|
<pre class="bg-black p-2 rounded overflow-x-auto text-xs"><code>0x[0-9a-fA-F]+\s*-\s*0x[0-9a-fA-F]+</code></pre>
|
||||||
|
</div>
|
||||||
|
|
||||||
|
# Additional Patterns
|
||||||
|
- type: html
|
||||||
|
source: |
|
||||||
|
<div class="p-4 bg-opacity-10 bg-primary rounded">
|
||||||
|
<h3 class="size-h3 color-highlight mb-3">Additional Patterns</h3>
|
||||||
|
|
||||||
|
<h4 class="size-h5 color-primary mt-3 mb-2">XML/HTML Tag</h4>
|
||||||
|
<pre class="bg-black p-2 rounded overflow-x-auto text-xs"><code><([a-zA-Z][a-zA-Z0-9]*)\b[^>]*>.*?</\1></code></pre>
|
||||||
|
|
||||||
|
<h4 class="size-h5 color-primary mt-3 mb-2">JSON Object</h4>
|
||||||
|
<pre class="bg-black p-2 rounded overflow-x-auto text-xs"><code>\{(?:[^{}]|(?:\{[^{}]*\}))*\}</code></pre>
|
||||||
|
|
||||||
|
<h4 class="size-h5 color-primary mt-3 mb-2">CVE ID</h4>
|
||||||
|
<pre class="bg-black p-2 rounded overflow-x-auto text-xs"><code>CVE-\d{4}-\d{4,}</code></pre>
|
||||||
|
|
||||||
|
<h4 class="size-h5 color-primary mt-3 mb-2">MITRE ATT&CK ID</h4>
|
||||||
|
<pre class="bg-black p-2 rounded overflow-x-auto text-xs"><code>T\d{4}(?:\.\d{3})?</code></pre>
|
||||||
|
|
||||||
|
<h4 class="size-h5 color-primary mt-3 mb-2">Tor Address</h4>
|
||||||
|
<pre class="bg-black p-2 rounded overflow-x-auto text-xs"><code>[a-z2-7]{16}\.onion\b</code></pre>
|
||||||
|
|
||||||
|
<h4 class="size-h5 color-primary mt-3 mb-2">Magnet Link</h4>
|
||||||
|
<pre class="bg-black p-2 rounded overflow-x-auto text-xs"><code>magnet:\?xt=urn:[a-zA-Z0-9]+:[a-fA-F0-9]+</code></pre>
|
||||||
|
|
||||||
|
<h4 class="size-h5 color-primary mt-3 mb-2">Git Commit Hash</h4>
|
||||||
|
<pre class="bg-black p-2 rounded overflow-x-auto text-xs"><code>\b[a-f0-9]{40}\b|\b[a-f0-9]{7,8}\b</code></pre>
|
||||||
|
|
||||||
|
<h4 class="size-h5 color-primary mt-3 mb-2">Stack Trace Line</h4>
|
||||||
|
<pre class="bg-black p-2 rounded overflow-x-auto text-xs"><code>\s+at\s+[a-zA-Z0-9.$_]+\([^)]*\)</code></pre>
|
||||||
|
|
||||||
|
<h4 class="size-h5 color-primary mt-3 mb-2">HTTP Method</h4>
|
||||||
|
<pre class="bg-black p-2 rounded overflow-x-auto text-xs"><code>\b(?:GET|POST|PUT|DELETE|HEAD|OPTIONS|PATCH|CONNECT|TRACE)\b</code></pre>
|
||||||
|
|
||||||
|
<h4 class="size-h5 color-primary mt-3 mb-2">HTTP Response Status</h4>
|
||||||
|
<pre class="bg-black p-2 rounded overflow-x-auto text-xs"><code>HTTP/[0-9.]+\s+[1-5][0-9]{2}</code></pre>
|
||||||
|
|
||||||
|
<h4 class="size-h5 color-primary mt-3 mb-2">DNS Query</h4>
|
||||||
|
<pre class="bg-black p-2 rounded overflow-x-auto text-xs"><code>\b(?:A|AAAA|CNAME|MX|NS|PTR|SOA|SRV|TXT)\s+(?:IN\s+)?[a-zA-Z0-9.-]+</code></pre>
|
||||||
|
|
||||||
|
<h4 class="size-h5 color-primary mt-3 mb-2">PE File Magic</h4>
|
||||||
|
<pre class="bg-black p-2 rounded overflow-x-auto text-xs"><code>MZ.{58}PE\x00\x00</code></pre>
|
||||||
|
|
||||||
|
<h4 class="size-h5 color-primary mt-3 mb-2">ELF File Magic</h4>
|
||||||
|
<pre class="bg-black p-2 rounded overflow-x-auto text-xs"><code>\x7fELF</code></pre>
|
||||||
|
|
||||||
|
<h4 class="size-h5 color-primary mt-3 mb-2">Mutex Pattern (Malware)</h4>
|
||||||
|
<pre class="bg-black p-2 rounded overflow-x-auto text-xs"><code>(?:Global\\|Local\\)?[A-Z0-9]{8}-[A-Z0-9]{4}-[A-Z0-9]{4}-[A-Z0-9]{4}-[A-Z0-9]{12}</code></pre>
|
||||||
|
|
||||||
|
<h4 class="size-h5 color-primary mt-3 mb-2">PowerShell Encoded Command</h4>
|
||||||
|
<pre class="bg-black p-2 rounded overflow-x-auto text-xs"><code>-[Ee](?:ncodedcommand|c)\s+[A-Za-z0-9+/=]+</code></pre>
|
||||||
|
|
||||||
|
<h4 class="size-h5 color-primary mt-3 mb-2">YARA Rule Name</h4>
|
||||||
|
<pre class="bg-black p-2 rounded overflow-x-auto text-xs"><code>rule\s+[a-zA-Z_][a-zA-Z0-9_]*\s*(?::\s*[a-zA-Z_][a-zA-Z0-9_]*\s*)*\{</code></pre>
|
||||||
|
|
||||||
|
<h4 class="size-h5 color-primary mt-3 mb-2">Windows Service Name</h4>
|
||||||
|
<pre class="bg-black p-2 rounded overflow-x-auto text-xs"><code>(?:SERVICE_NAME|DISPLAY_NAME):\s*([^\r\n]+)</code></pre>
|
||||||
|
|
||||||
|
<h4 class="size-h5 color-primary mt-3 mb-2">Scheduled Task Name</h4>
|
||||||
|
<pre class="bg-black p-2 rounded overflow-x-auto text-xs"><code>TaskName:\s*\\([^\r\n]+)</code></pre>
|
||||||
|
|
||||||
|
<h4 class="size-h5 color-primary mt-3 mb-2">MIME Type</h4>
|
||||||
|
<pre class="bg-black p-2 rounded overflow-x-auto text-xs"><code>[a-z]+/[a-z0-9.+-]+</code></pre>
|
||||||
|
|
||||||
|
<h4 class="size-h5 color-primary mt-3 mb-2">Browser User-Agent (Suspicious Tools)</h4>
|
||||||
|
<pre class="bg-black p-2 rounded overflow-x-auto text-xs"><code>(?:sqlmap|nmap|nikto|havij|acunetix|nessus|metasploit|burp|owasp)</code></pre>
|
||||||
|
|
||||||
|
<h4 class="size-h5 color-primary mt-3 mb-2">Python Script Shebang</h4>
|
||||||
|
<pre class="bg-black p-2 rounded overflow-x-auto text-xs"><code>#!/usr/bin/(?:env )?python[0-9.]*</code></pre>
|
||||||
|
|
||||||
|
<h4 class="size-h5 color-primary mt-3 mb-2">Bash Script Shebang</h4>
|
||||||
|
<pre class="bg-black p-2 rounded overflow-x-auto text-xs"><code>#!/bin/(?:ba)?sh</code></pre>
|
||||||
|
|
||||||
|
<h4 class="size-h5 color-primary mt-3 mb-2">Base64 Encoded PE Header</h4>
|
||||||
|
<pre class="bg-black p-2 rounded overflow-x-auto text-xs"><code>TVqQAAMAAAAEAAAA</code></pre>
|
||||||
|
|
||||||
|
<h4 class="size-h5 color-primary mt-3 mb-2">Base64 Encoded MZ Header</h4>
|
||||||
|
<pre class="bg-black p-2 rounded overflow-x-auto text-xs"><code>TVo[A-Za-z0-9+/]</code></pre>
|
||||||
|
|
||||||
|
<h4 class="size-h5 color-primary mt-3 mb-2">ZIP Archive Header</h4>
|
||||||
|
<pre class="bg-black p-2 rounded overflow-x-auto text-xs"><code>PK\x03\x04</code></pre>
|
||||||
|
|
||||||
|
<h4 class="size-h5 color-primary mt-3 mb-2">RAR Archive Header</h4>
|
||||||
|
<pre class="bg-black p-2 rounded overflow-x-auto text-xs"><code>Rar!\x1a\x07</code></pre>
|
||||||
|
|
||||||
|
<h4 class="size-h5 color-primary mt-3 mb-2">PDF Header</h4>
|
||||||
|
<pre class="bg-black p-2 rounded overflow-x-auto text-xs"><code>%PDF-[0-9.]+</code></pre>
|
||||||
|
|
||||||
|
<h4 class="size-h5 color-primary mt-3 mb-2">Office Document (OOXML)</h4>
|
||||||
|
<pre class="bg-black p-2 rounded overflow-x-auto text-xs"><code>PK\x03\x04.{26}(?:word|xl|ppt)/</code></pre>
|
||||||
|
</div>
|
||||||
|
|
||||||
|
- type: html
|
||||||
|
source: |
|
||||||
|
<div class="p-4 bg-opacity-20 bg-primary rounded mt-4">
|
||||||
|
<h3 class="size-h3 color-highlight mb-3">Usage Notes</h3>
|
||||||
|
<ul class="text-sm space-y-2">
|
||||||
|
<li>• All patterns are POSIX-compatible for C regex.h</li>
|
||||||
|
<li>• Use raw strings in Python: r'pattern'</li>
|
||||||
|
<li>• For C, escape backslashes: \\b becomes \\\\b</li>
|
||||||
|
<li>• Test patterns with your specific data format</li>
|
||||||
|
<li>• Some patterns simplified for compatibility</li>
|
||||||
|
<li>• Consider case-insensitive flags where appropriate</li>
|
||||||
|
</ul>
|
||||||
|
<br>
|
||||||
|
<br>
|
||||||
|
|
||||||
|
<h3 class="size-h3 color-highlight mb-3 mt-4">Important Considerations</h3>
|
||||||
|
<ul class="text-sm space-y-2">
|
||||||
|
<li><span class="font-semibold color-primary">Pattern Overlap:</span> Some patterns may overlap (e.g., SHA256 hash vs Bitcoin transaction ID). Use context and length constraints.</li>
|
||||||
|
<li><span class="font-semibold color-primary">Context Required:</span> Many patterns need context (Git hashes vs other 40-char hex strings, SHA256 hashes vs Bitcoin transaction IDs)</li>
|
||||||
|
<li><span class="font-semibold color-primary">Performance:</span> Complex patterns on large datasets may be slow. Consider pre-filtering or indexing.</li>
|
||||||
|
<li><span class="font-semibold color-primary">Validation:</span> These patterns match format, not validity. Additional validation needed for checksums, network addresses, certificates.</li>
|
||||||
|
<li><span class="font-semibold color-primary">Privacy:</span> Many patterns match sensitive data. Handle with appropriate security measures.</li>
|
||||||
|
</ul>
|
||||||
|
</div>
|
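Review bot: In the second hunk, the patterns that contain literal angle brackets are dropped unescaped into the html widgets' `<code>` elements, so the browser will parse `<Event[^>]*>` (Windows Event XML), `<[A-Za-z0-9$_.-]+@…>` (Exchange Message ID), `<@!?[0-9]{17,19}>` (Discord ID) and `<([a-zA-Z][a-zA-Z0-9]*)\b[^>]*>.*?</\1>` (XML/HTML Tag) as markup and swallow most of the text; they need `&lt;`/`&gt;`, e.g. `<code>&lt;Event[^&gt;]*&gt;.*?&lt;/Event&gt;</code>`. The Base64 String pattern `[A-Za-z0-9+/]{4}*` stacks two quantifiers and is rejected by Python (and, as far as I know, PCRE and JavaScript) with "multiple repeat"/"nothing to repeat"; it presumably wants `(?:[A-Za-z0-9+/]{4})*(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=)?`. In IPv4 Private Ranges the top-level `|` before `192\.168` sits outside the `\b(?:10…|172…)` group, so the 10/8 and 172.16/12 branches end after the third dot and never consume the last octet — move the 192.168 branch inside that group so all three prefixes share the trailing `(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\b`. Named Pipe `\\\\\\.\\pipe\\…` encodes three literal backslashes followed by any character, whereas `\\.\pipe\name` is two backslashes and a literal dot, i.e. `\\\\\.\\pipe\\[a-zA-Z0-9_-]+`. The Usage Notes claim "All patterns are POSIX-compatible for C regex.h" does not hold for this set (`(?:…)`, `\d`, `\s`, `\b`, lazy `.*?` and `\x00` are PCRE/Python syntax absent from POSIX ERE), so reword it to name the intended engine, e.g. `<li>• Patterns use PCRE/Python syntax; POSIX regex.h needs translation</li>`.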