The Regular expression Denial of Service (ReDoS) attack exploits the implementation of a regular expression engine causing them to run in exponential time related to the input size. This tool allows you to test various regular expressions against different input inside your browser to measure the time it takes to test an input against a regular expression in order to illustrate this attack.
Some basic examples
Click the example to load it up for testing.
- (a+)+b
- ([a-zA-Z]+)*b
- (a|aa)+b
- (a|a?)+b
- (.*a){12}b
Some real life examples
Click the example to load it up for testing.
- ^(.+\.)*localhost$
- ("[^"]*"|[^@])*@([^@]*)
- ^([A-Z0-9_+-]+\.?)*[A-Z0-9_+-]@([A-Z0-9][A-Z0-9\-]*\.)+[A-Z]{2,}$
-
@(.*?\.)+([a-z]{2,18})$
A vulnerable attempt at detecting a valid email address after the @