A Flexible Potfile Parsing Tool

Pronounced "Reg-X" as in Regex eXtractor

Unlike general-purpose tools like grep or ripgrep, RegX offers a more nuanced approach that was developed specifically for parsing hashcat potfiles that contain multiple hash algo's. While this can be done with grep, compiling and testing regular expressions, especially for more complex hashes, can be cumbersome and error prone. See examples below.

• Parse md5 (hex32) hashes:
  • grep
    • egrep '[a-f0-9]{32}' file.txt
  • RegX
    • ./regx.bin -f file.txt -m hex32
• Parse bcrypt hashes:
  • grep
    • egrep '\$2[a-zA-Z]{1}\$[0-9]{2}\$[[:print:]]{53}' file.txt
  • RegX
    • ./regx.bin -f file.txt -m 3200
• Parse Django (PBKDF2-SHA256) hashes:
  • grep
    • egrep 'pbkdf2_sha256\$[0-9]{1,6}\$[[:print:]]{57}' file.txt
  • RegX
    • ./regx.bin -f file.txt -m 10000
• Parse Bitcoin hashes:
  • grep
    • egrep '\$bitcoin\$[0-9]{1,3}\$[a-f0-9]{40,}\$[0-9]{2}\$[a-f0-9]{2,}\$[0-9]{2,}\$[0-9]{1,}\$[0-9]{1,}\$[0-9]{1,}\$[0-9]{1,}' file.txt
  • RegX
    • ./regx.bin -f file.txt -m 11300

As shown in the examples above, RegX's built-in support for popular hashcat algorithms makes parsing hashes seamless.

RegX also supports a wide range of regex patterns compatible with RE2, by using option: -r {regex_pattern}

More info on RE2: https://github.com/google/re2/wiki/Syntax

• Parse all hex 32 hashes (md5, md4, ntlm, etc), both salted and non-salted:
  • ./regx.bin -f file.txt -m hex32
• Parse bcrypt hashes by hashcat mode {-m 3200}:
  • ./regx.bin -f file.txt -m 3200
• Parse bcrypt hashes by algo name {-m bcrypt}:
  • ./regx.bin -f file.txt -m bcrypt
• Parse a custom hex length hash (where {nth} equals length):
  • ./regx.bin -f file.txt -m hex{nth}
• Use custom RE2 regex with -r {regex}:
  • ./regx.bin -f file.txt -r '[a-fA-F0-9]{32}'
• Run ./regx.bin -help to see a list of all options

• All HEX algos:
  • -m hex32 covers all HEX32 hashes such as md5, md5, ntlm, etc
  • -m hex40 covers all HEX40 hashes such as sha1, mysql5, ripemd-160, etc
  • custom hex lengths can be given as well, -m hex56 would cover sha224 hashes, etc

• If you want the latest features, compiling from source is the best option since the release version may run several revisions behind the source code.
• This assumes you have Go and Git installed
  • git clone https://github.com/cyclone-github/regx.git
  • cd regx
  • go mod init regx
  • go mod tidy
  • go build -ldflags="-s -w" .
• Compile from source code how-to:
  • https://github.com/cyclone-github/scripts/blob/main/intro_to_go.txt

• https://github.com/cyclone-github/regx/blob/main/CHANGELOG.md

• Several antivirus programs on VirusTotal incorrectly detect compiled Go binaries as a false positive. This issue primarily affects the Windows executable binary, but is not limited to it. If this concerns you, I recommend carefully reviewing the source code, then proceed to compile the binary yourself.
• Uploading your compiled binaries to https://virustotal.com and leaving an up-vote or a comment would be helpful as well.