regex
This command parses variables using regular expressions. For more information about regular expressions, see Python Regex.
The following example parses the port number from the output of the last command and stores it in the variable “UNREALPORT”:
commands:
  - type: shell
    cmd: echo "6667/tcp open irc UnrealIRCd"

  - type: regex
    cmd: (\d+).*UnrealIRCd
    output:
      UNREALPORT: "$MATCH_0"

  - type: debug
    cmd: "Port: $UNREALPORT"
By using the mode “split”, strings that are separated by whitespace can be tokenized:
commands:
  - type: shell
    cmd: echo "6667/tcp open irc UnrealIRCd"

  - type: regex
    cmd: "\ +"
    mode: split
    output:
      # {'MATCH_0': '6667/tcp', 'MATCH_1': 'open', 'MATCH_2': 'irc', 'MATCH_3': 'UnrealIRCd\n'}
      UNREALPORT: "$MATCH_0"

  - type: debug
    cmd: "Port: $UNREALPORT"
- mode
Specifies the Python regex function. One of: search, split, sub or findall.
- Type:
str
- Default:
findall
- replace
This variable must be set for sub mode. It holds the replacement-string for the substitution.
- Type:
str
- Default:
None
commands:
  - type: setvar
    cmd: "hello world"
    variable: FOO

  - type: regex
    cmd: hello
    mode: sub
    replace: whaat
    input: FOO
    output:
      BAR: $MATCH

  - type: debug
    cmd: $BAR
- input
Parse the value of this variable.
- Type:
str
- Default:
RESULT_STDOUT
- output
Defines where to store the results of the regular expression. This must be a list of key-value pairs (“variable-name”: “$MATCH”). The matches of the regular expression are stored in temporary variables $MATCH. If the match is stored in a list or in a list of tuples, the variable name is numbered by the index, for example “$MATCH_0_0” for the first element in the first occurrence. If the regex command does not match, no output variable will be set!
Note
A dump containing all matches will be printed if attackmate runs in debug-mode.
- Type:
dict[str,str]
- Required:
True
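The naming rule described under output, as an added Python sketch (not AttackMate's own code): it covers only the findall and split modes as this page documents them, so a pattern can be checked against sample output before it goes into a playbook. The function name match_vars and the sample scan text are constructed for illustration.

```python
import re


def match_vars(pattern, text, mode="findall"):
    """Return the MATCH_* names this page documents for findall and split.

    Hypothetical helper: a flat list yields MATCH_<i>, a list of tuples
    (a pattern with several groups) yields MATCH_<i>_<j>.
    """
    if mode == "findall":
        found = re.findall(pattern, text)
    elif mode == "split":
        found = re.split(pattern, text)
    else:
        raise ValueError("this sketch covers findall and split only")

    variables = {}
    for i, item in enumerate(found):
        if isinstance(item, tuple):
            # Several capture groups: one variable per group per occurrence.
            for j, group in enumerate(item):
                variables[f"MATCH_{i}_{j}"] = group
        else:
            variables[f"MATCH_{i}"] = item
    # An empty dict means no match, so no output variable would be set.
    return variables


# Constructed sample input, shaped like the echo output used on this page.
SCAN = "6667/tcp open irc UnrealIRCd\n22/tcp open ssh OpenSSH\n"

if __name__ == "__main__":
    # One group, one occurrence: MATCH_0 holds the port.
    print(match_vars(r"(\d+).*UnrealIRCd", SCAN))
    # Three groups, two occurrences: MATCH_0_0 ... MATCH_1_2.
    print(match_vars(r"(\d+)/(\w+) open (\S+)", SCAN))
    # split keeps the trailing newline in the last token.
    print(match_vars(r"\ +", "6667/tcp open irc UnrealIRCd\n", mode="split"))
    # No match: nothing to assign.
    print(match_vars(r"(\d+).*vsftpd", SCAN))
```

With split, the last token keeps the trailing newline from the command output, so a variable taken from it carries that newline too.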