Regular Expressions: Why do you need it in pentest and how to learn

February 19, 2019 | Views: 3510

Begin Learning Cyber Security for FREE Now!

FREE REGISTRATIONAlready a Member Login Here

First, let’s see why we can use regular expressions and how to use them in the context of pentest.

1. Regular expressions can greatly help in the process of exploration and data collection – in order not to collect any garbage, we will be able to select only that part of the content that will be really useful for us.

2. In the process of developing auxiliary units for performing pentests (including even the stage of the  intelligence).

3. In case we got access to the target system, database, etc. – accordingly, we need to extract the data we are interested in, regulars can also be useful here.

4. In the process of data processing – when you have large data arrays for processing and / or comparison, different kinds of tula with the ability to use regular expressions come to the rescue, as well as the ability to write an auxiliary script.

5. If you worked with BurpSuite, you noticed in the same Intruder the ability to extract data from the page using regular expressions (also to the word about data parsing).

For those who have never dealt with regular expressions, this may seem to be a real hell at first – some confusing meanings, parentheses, dots and all that, a natural question arises – where do you start?

Not everyone likes and the option of reading a pile of books just fits; therefore, we will consider the least painful and most interesting options.

1. Referring to the cheat sheet by regular expressions:
RexEgg – https://www.rexegg.com/regex-quickstart.html

2. After you have studied (or briefly examined) the basic information on regular expressions – let’s try to solve an interesting exam:
RegexOne – https://regexone.com/

3. In the process of performing tasks, we can use some kind of auxiliary tool for testing:
Regex 101 – https://regex101.com/

4. After studying the cheat sheet and solving problems with regular expressions, it would probably be good to practice more real-life examples and the RegexBuddy will help us:
Regex Buddy – https://www.regexbuddy.com/

To work out RegexBuddy, try searching the Internet for live examples in the form of logs from various sources, or try parsing the pages and collecting data by criteria, and then fully understand them using regexbuddy (there is an opportunity to decompose everything by parameters).

Share with Friends
FacebookTwitterLinkedInEmail
Use Cybytes and
Tip the Author!
Join
Share with Friends
FacebookTwitterLinkedInEmail
Ready to share your knowledge and expertise?
Comment on This

You must be logged in to post a comment.

Our Revolution

We believe Cyber Security training should be free, for everyone, FOREVER. Everyone, everywhere, deserves the OPPORTUNITY to learn, begin and grow a career in this fascinating field. Therefore, Cybrary is a free community where people, companies and training come together to give everyone the ability to collaborate in an open source way that is revolutionizing the cyber security educational experience.

Support Cybrary

Donate Here to Get This Month's Donor Badge

 

We recommend always using caution when following any link

Are you sure you want to continue?

Continue
Cancel