pcregrep, grep based on perl compatible regular expressions

November 20th, 2007 mysurface Posted in pcregrep, printf, Regular Expression, Text Manipulation | Hits: 74728 | 1 Comment »

grep supposedly support perl regex by specified -P option, but somehow my grep do not support that, it complains this when I trigger with -P

grep: The -P option is not supported

But when you check the manpage of grep, you will see this

-P, --perl-regexp
              Interpret PATTERN as a Perl regular expression.

I found pcregrep in my repo, that supports grep based on Perl compatible regex.

Why do I need PCRE grep?
PCRE is much richer than classic regular expression, and it outperforms POSIX regex. We have PCRE library in c/c++, PHP, python etc. Check out more details information at http://www.pcre.org/ and also wikipedia.

Any examples that pcregrep outperforms grep?

Thanks to geek00l that raise the question, “How to grep for hex characters?”
The question may sounds vague, let me put it into a simple scenario. I have a line of binary strings, that may contain non-ascii characters. For examples ANSI codes for color text.

Try to do execute the line below:

printf '\x1b\x5b1;31;40m\tI am in Red\n'

Text will be print in red, but color is not reset after that. For more examples on how to print color text, refers to this post.

Trigger reset and try the line below again:

reset && printf '\x1b\x5b1;31;40m\tI am in Red\n\x1b\x5b0;40;40m'

Lets inject the ANSI code to a variable, after that echo it.

a=`printf '\x1b\x5b1;31;40m\tI am in Red\n\x1b\x5b0;40;40m'`
echo $a

Okay, it seems working!

So now I want to echo the color text only if I found 0x1b 0x5b … after the word “Red”. Grep can’t perform that because 0x1b, 0x5b and so on does not visible to user, with pcregrep, I can do this

echo $a | pcregrep "Red.*\x1b\x5b0;40;40m"

The example above may seems stupid, detects “hidden” characters may be very useful for security filtering. Network hackers may inject “hidden” binary codes by sending “hello world” across the networks, pcregrep may help to filter that. This is only my guess, I might be wrong, pcregrep may not useful to security analyst, I am not in depth into security stuff. Anyway, it just seems cool to use pcregrep instead of normal grep, so I can tried out more PCRE patterns.

Where can I obtain the details of what pattern pcre supports?

man pcrepattern

One Response to “pcregrep, grep based on perl compatible regular expressions”

  1. Many thanks for getting the time to focus on this, I really feel strongly about this and adore learning more on this topic. If possible, while you obtain expertise, would you mind updating your weblog with more information? It’s very useful for me.

Leave a Reply