CyberCheatsheets

Regex Cheat Sheet

Regular expression syntax reference plus ready-to-use patterns for grepping IPs, hashes, emails, and secrets.

Utilities & Shellsgreppattern-matchingregexregular-expressionstextUpdated 2026-06-17

Overview

Regular expressions describe text patterns. They power grep, sed, awk, Burp, and nearly every search box in a security tool. This sheet covers the core syntax (anchors, classes, quantifiers, groups) and a set of battle-tested patterns for extracting the data you care about from messy output.

Reference material. Use pattern matching against data you are authorized to process.

Anchors & boundaries

Start of line

^

End of line

$

Word boundary

\b

Non-word boundary

\B

Character classes

Any character (except newline)

.

Digit / non-digit

\d  \D

Word char [A-Za-z0-9_] / non-word

\w  \W

Whitespace / non-whitespace

\s  \S

Any of a,b,c / none of them

[abc]  [^abc]

Ranges inside a class

[a-z0-9]

Quantifiers

0 or more

*

1 or more

+

0 or 1 (optional)

?

Exactly 3 / 2 to 4 / 2 or more

{3}  {2,4}  {2,}

Lazy (non-greedy) versions

*?  +?

Groups & alternation

Capture group

(abc)

Non-capturing group

(?:abc)

Alternation (a or b)

a|b

Named group (Python/PCRE)

(?P<name>...)

Backreference to group 1

\1

Lookahead: positive / negative

(?=...)  (?!...)

Ready-to-use patterns

IPv4 address

\b([0-9]{1,3}\.){3}[0-9]{1,3}\b

Email address

[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}

URL

https?://[^\s"'>]+

MD5 hash (32 hex)

\b[a-fA-F0-9]{32}\b

SHA-256 hash (64 hex)

\b[a-fA-F0-9]{64}\b

MAC address

([0-9A-Fa-f]{2}[:-]){5}[0-9A-Fa-f]{2}

AWS access key id

AKIA[0-9A-Z]{16}

JWT

eyJ[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+

Using regex on the CLI

grep with extended regex, only matching part

grep -oE '\b([0-9]{1,3}\.){3}[0-9]{1,3}\b' file.txt

Perl-compatible regex (lookarounds) in grep

grep -oP '(?<=password=)\S+' config

sed capture-group replacement

sed -E 's/(user)=(\w+)/\1=REDACTED/' file

ripgrep (fast recursive secret hunt)

rg -e 'AKIA[0-9A-Z]{16}' -e 'eyJ[A-Za-z0-9_-]+\.' .

Tips

  • grep needs -E for + ? { } | (extended) or -P for lookarounds (Perl) — basic grep treats them literally.
  • Quantifiers are greedy by default; add ? to make them lazy when matching too much.
  • Escape regex metacharacters . * + ? ( ) [ ] { } ^ $ | \ with a backslash to match them literally.
  • Test patterns interactively at regex101.com before baking them into scripts.

References

Related cheat sheets