Reputation: 3
Yara regex for detecting port numbers not working
So I have been trying to build a regex that would detect port numbers(0-65535). I have tried the one given in the post below:
this one :
^([0-9]{1,4}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5])$
The above one seems to work fine when testing on https://regex101.com/.
But when I try to build a yara rule to detect this with the same pattern as stated above it doesn't work even though the above pattern has all the allowed characters as stated in the documentation:
https://yara.readthedocs.io/en/stable/writingrules.html#regular-expressions
Upvotes: 0
Views: 490
Answers (2)
Reputation: 89231
Replace ^ and $ by \b.
\b([0-9]{1,4}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5])\b
\b is a word boundary; The boundary between word-characters ([A-Za-z0-9_]) and non-word characters (anything else). The pattern would match a number between 0 and 65535 without any surrounding digit or letter.
Upvotes: 0
Reputation: 417
Your regex has starting (^) and end point ($) check. Because of this it will work only if your input is a port number. This will not work if you want to match the port number part from a string. To work this for a string remove ^ and $ from the regex start and end point.
Upvotes: 0
Related Questions
- YARA Rule - Regex - String with at least one digit
- Regex get port from host with multipe choises
- Complete Regex to match url with port number
- Yara Rule - Regex - syntax error: unexpected ')'
- Yara Rule - Regex - Matching Wildcard
- Regex: Is it possible to validate a port and a port-range with one regex?
- Anyone see anything wrong with my regex for port numbers?
- How to get the port number alone using regex in c#?
- Regex to match Exact port number (netstat command)
- How to limit Regex validation for Port number Validation 1024 to 65535