Linux GREP Interactive Tutorial

Master the power of pattern searching in Linux


GREP Command Reference

Basic Usage

grep [OPTION] PATTERN [FILE...]   # Search for a pattern in files (reads stdin when no file is given)
grep "error" logfile.txt          # Find lines containing "error"
grep -i "Error" logfile.txt       # Case-insensitive search

Common Options

-i   # Ignore case
-v   # Invert match (show non-matching lines)
-n   # Show line numbers
-c   # Count matching lines (not individual matches)
-l   # List filenames with matches
-r   # Recursive search
-E   # Extended regex (ERE)

Wildcards & Quantifiers

.       # Any single character
*       # Zero or more of the preceding item
+       # One or more of the preceding item
?       # Zero or one of the preceding item
{n}     # Exactly n times
{n,}    # n or more times
{n,m}   # Between n and m times
# + ? {n} {n,} {n,m} are ERE operators: run grep -E, or write them as \+ \? \{n\} in basic grep

Position Anchors

^    # Beginning of line
$    # End of line
\<   # Start of word
\>   # End of word
\b   # Word boundary

Character Classes

[abc]        # Any of a, b, or c
[a-z]        # Any lowercase letter
[A-Z]        # Any uppercase letter
[0-9]        # Any digit
[^abc]       # NOT a, b, or c
[[:alpha:]]  # Alphabetic characters (POSIX class; it must sit inside a bracket expression)
[[:digit:]]  # Numeric characters

🔐 Personal Information Patterns

# All of these use {n} quantifiers, so run them with grep -E
[0-9]{3}-[0-9]{2}-[0-9]{4}              # SSN (XXX-XX-XXXX)
\([0-9]{3}\) [0-9]{3}-[0-9]{4}          # Phone (XXX) XXX-XXXX; \( and \) are literal parentheses in ERE
[0-9]{3}-[0-9]{3}-[0-9]{4}              # Phone XXX-XXX-XXXX
[0-9]{4}-[0-9]{4}-[0-9]{4}-[0-9]{4}     # Credit card XXXX-XXXX-XXXX-XXXX (shape only: any 16 dashed digits match)
[0-9]{5}(-[0-9]{4})?                    # ZIP code XXXXX or XXXXX-XXXX
[0-9]{1,2}/[0-9]{1,2}/[0-9]{4}          # Date MM/DD/YYYY
[A-Z]{2}[0-9]{6,8}                      # Driver's license (format varies by state)

🛡️ Security & Forensics Patterns

# Put these in single quotes so the shell leaves the backslashes alone; run with grep -E
([0-9A-Fa-f]{2}[:-]){5}([0-9A-Fa-f]{2})   # MAC address
[A-Fa-f0-9]{32}                           # MD5 hash (add -w so a SHA1 or SHA256 is not also reported as an MD5)
[A-Fa-f0-9]{40}                           # SHA1 hash
[A-Fa-f0-9]{64}                           # SHA256 hash
\\\\[a-zA-Z0-9.-]+\\[a-zA-Z0-9.-]+        # UNC path \\server\share
C:\\[a-zA-Z0-9\\._-]+                     # Windows file path
/[a-zA-Z0-9/._-]+                         # Linux file path

Security & Networking Use Cases

grep "Failed password" /var/log/auth.log   # Find failed login attempts
grep -E "ERROR|FATAL" app.log              # Find errors in application logs
netstat -an | grep ":80 "                  # Check port 80 connections
ps aux | grep apache                       # Find Apache processes (also lists the grep itself; see Process Management below)
grep -r "ssh" /etc/                        # Search SSH config files


Real-World Examples for IT Students

🔍 Log Analysis

Search system logs for errors, failed logins, and security events

grep -i "error\|fail" /var/log/messages

🌐 Network Monitoring

Monitor network connections and identify suspicious activity

netstat -an | grep ":22\|:80\|:443"

🔒 Security Auditing

Find failed authentication attempts and security breaches

grep "Failed password" /var/log/auth.log

⚙️ Configuration Files

Search configuration files for specific settings

grep -r "^Port\|^Listen" /etc/

💻 Process Management

Find specific processes and their resource usage

ps aux | grep -v grep | grep apache

🔢 IP Address Validation

Extract IPv4-shaped strings from logs (this pattern checks the dotted-quad shape only; it does not reject octets above 255)

grep -E "\b[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\b"
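The "Failed password" search from the use cases above combined with the IP pattern here, as an added example that is not part of the original page: constructed sshd log lines, an octet pattern stricter than [0-9]{1,3}, and a per-source failure count a defender can threshold. Function names and the sample addresses (documentation ranges) are my own assumptions.

```shell
#!/bin/sh
# Added example (not from the original page): count failed SSH logins per
# source address and extract only well-formed IPv4 addresses with GNU grep.
# The log lines are constructed samples using documentation address ranges.
AUTH_LOG=$(mktemp); trap 'rm -f "$AUTH_LOG"' EXIT
cat > "$AUTH_LOG" <<'EOF'
Mar 10 08:01:12 host sshd[1201]: Failed password for invalid user admin from 203.0.113.45 port 51234 ssh2
Mar 10 08:01:15 host sshd[1201]: Failed password for root from 203.0.113.45 port 51240 ssh2
Mar 10 08:02:03 host sshd[1207]: Accepted publickey for alice from 198.51.100.7 port 40022 ssh2
Mar 10 08:02:44 host sshd[1210]: Failed password for root from 198.51.100.250 port 40100 ssh2
Mar 10 08:03:01 host sshd[1212]: Failed password for invalid user test from 203.0.113.45 port 51301 ssh2
EOF

# One octet restricted to 0-255; the page's [0-9]{1,3} form also accepts 999.
OCTET='(25[0-5]|2[0-4][0-9]|1[0-9]{2}|[1-9]?[0-9])'
IPV4="\\b$OCTET(\\.$OCTET){3}\\b"

# Print every well-formed IPv4 address found on stdin, one per line.
extract_ipv4() { grep -oE "$IPV4"; }

# Print "count ip" for each source of a failed password, busiest first.
failed_by_ip() {
    grep "Failed password" "$1" \
      | grep -oE "from $IPV4" | cut -d' ' -f2 \
      | sort | uniq -c | sort -rn \
      | awk '{print $1, $2}'
}

# Sources with at least $2 failures: a simple brute-force indicator worth alerting on.
brute_force_sources() {
    failed_by_ip "$1" | awk -v t="$2" '$1 >= t {print $2}'
}

failed_by_ip "$AUTH_LOG"
```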

🔐 PII/PHI Detection

Identify sensitive personal and protected health information

grep -E "[0-9]{3}-[0-9]{2}-[0-9]{4}"

🦠 Malware Detection

Detect malicious activity and suspicious processes

grep -E "ALERT|powershell.*-enc|evil"

🌍 Web Server Analysis

Analyze HTTP logs for attacks and anomalies

grep -E '" [45][0-9][0-9] |sqlmap'

🗄️ Database Monitoring

Monitor database performance and security issues

grep -E "ERROR|injection|Slow query"

🐳 Container Logs

Monitor Docker containers and microservices

grep -E "level=(error|fatal)"

🪟 Windows Events

Analyze Windows Event Log for security events

grep -E "Event ID: (4625|1116)"

📊 JSON/API Logs

Parse structured JSON logs from modern applications

grep -E 'level":"(error|fatal)'

⚡ Performance Monitor

Track system performance metrics and alerts

grep -E "CPU: [89][0-9]|ALERT|CRITICAL"

Common Patterns for IT Professionals

Email Addresses
  Pattern:     [a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}
  Description: Match common email address formats

IP Addresses
  Pattern:     \b([0-9]{1,3}\.){3}[0-9]{1,3}\b
  Description: Match IPv4-shaped addresses (octets are not range-checked)

MAC Addresses
  Pattern:     ([0-9A-Fa-f]{2}[:-]){5}([0-9A-Fa-f]{2})
  Description: Match MAC address formats

URLs
  Pattern:     https?://[^\s]+
  Description: Match HTTP/HTTPS URLs

Port Numbers
  Pattern:     :(6553[0-5]|655[0-2][0-9]|65[0-4][0-9]{2}|6[0-4][0-9]{3}|[1-5][0-9]{4}|[1-9][0-9]{0,3})
  Description: Match port numbers 1-65535 after a colon (add a trailing \b to reject longer numbers)

Social Security Numbers
  Pattern:     [0-9]{3}-[0-9]{2}-[0-9]{4}
  Description: Match SSN format XXX-XX-XXXX

Phone Numbers
  Pattern:     \([0-9]{3}\) [0-9]{3}-[0-9]{4}
  Description: Match phone format (XXX) XXX-XXXX

Credit Cards
  Pattern:     [0-9]{4}-[0-9]{4}-[0-9]{4}-[0-9]{4}
  Description: Match credit card format XXXX-XXXX-XXXX-XXXX

MD5 Hashes
  Pattern:     [A-Fa-f0-9]{32}
  Description: Match 32-character MD5 hashes

SHA256 Hashes
  Pattern:     [A-Fa-f0-9]{64}
  Description: Match 64-character SHA256 hashes


Test Your GREP Knowledge

Question 1: What does the pattern "log$" match?

a) Lines ending with "log"
b) Lines containing "log"
c) Lines beginning with "log"
d) The word "log" followed by a dollar sign

Question 2: Which option makes grep case-insensitive?

a) -v
b) -i
c) -n
d) -c

Question 3: What does the character class [^0-9] match?

a) Any digit from 0 to 9
b) Numbers from 0 to 9
c) The characters 0 through 9
d) Any character that is NOT a digit

Question 4: Which command finds failed SSH login attempts?

a) grep "ssh" /var/log/auth.log
b) grep "login" /var/log/auth.log
c) grep "Failed password" /var/log/auth.log
d) grep -v "Accepted" /var/log/auth.log

Question 5: What does [0-9]{3} match?

a) Exactly three digits
b) Any three characters
c) Up to three digits
d) Three or more digits

Question 6: What does the pattern "^Error" match?

a) Any line containing "Error"
b) Lines ending with "Error"
c) The word "Error" only
d) Lines beginning with "Error"

Question 7: Which option recursively searches directories?

a) -l
b) -r
c) -n
d) -E

Question 8: Which command counts the number of lines containing "ERROR" in a file?

a) grep -n "ERROR" file.txt
b) grep -l "ERROR" file.txt
c) grep -c "ERROR" file.txt
d) grep -v "ERROR" file.txt

Question 9: What does the -v option do in grep?

a) Inverts the match (shows non-matching lines)
b) Shows version information
c) Enables verbose mode
d) Validates the pattern syntax

Question 10: Which command finds all IP addresses in a log file?

a) grep "192.168" logfile
b) grep "[0-9]" logfile
c) grep -i "ip" logfile
d) grep -E "\b[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\b" logfile