I've been stuck on this for about 2 days now. Unfortunately I may only use powershell (which I'm not good at). I want to match the following criteria using regex:
hxxp://www[.]website[.]org
google.com
www.google[.]com
foob://geller.xyz
hxxps://website[.]net/tree/branch/etc
I'm looking at urls & domains (for IOCs) that are fanged and defanged. The url/domain are of all different formats except they always include a anycharacter.anycharacter . I thought the best way to match would be if the string has a period with characters on both sides to then match with the beginning and end of the string. The closest I have come is:
^.*\b[^.]+$\b
However, I'm not getting positive results with anything I've tried. I would appreciate if anyone has any ideas. To show that I'm not lazy here's what I've got for the other IOCs (I'm just stuck on this one):
#Select a file with a dialog. TXT only
Add-Type -AssemblyName System.Windows.Forms
$FileBrowser = New-Object System.Windows.Forms.OpenFileDialog -Property @{
InitialDirectory = [Environment]::GetFolderPath('Desktop')
Filter = 'TXT (*.txt)|*.txt'
}
[void]$FileBrowser.ShowDialog()
$FileBrowser.FileNames
#Sets file & applies set string while creating first ouput file
#First regex matches IPV4 <-- works well!
$input_path = $FileBrowser.FileNames
$output_file = ‘C:\Users\output.csv'
$regex = ‘\b\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\b’
select-string -Path $input_path -Pattern $regex -AllMatches | % { $_.Matches } | % { $_.Value } > $output_file
#Second regex2 matches domains <- is a problem
$regex2 = '\b^.*[^.]+$\b'
select-string $input_path -Pattern $regex2 -AllMatches | % { $_.Matches } | % { $_.Value } | Out-File -FilePath C:\Users\01100\Desktop\Folder\output.csv -Append
#Third matches any file extension <--- works well!
$regex3 = '^\.[a-zA-Z0-9]+$'
select-string $input_path -Pattern $regex3 -AllMatches | % { $_.Matches } | % { $_.Value } | Out-File -FilePath C:\Users\01100\Desktop\Folder\output.csv -Append
#Fourth matches any hash <--- works well!
$regex4 = '[A-Fa-f0-9]{15,}'
select-string $input_path -Pattern $regex4 -AllMatches | % { $_.Matches } | % { $_.Value } | Out-File -FilePath C:\Users\01100\Desktop\Folder\output.csv -Append
#Fifth matches defanged IPs <---works well!
$regex5 = '\b\d{1,3}[^b]\.[^b]\d{1,3}[^b]\.[^b]\d{1,3}[^b]\.[^b]\d{1,3}\b'
select-string $input_path -Pattern $regex5 -AllMatches | % { $_.Matches } | % { $_.Value } | Out-File -FilePath C:\Users\01100\Desktop\Folder\output.csv -Append