Regex Injection / ReDoS Tester - Online Safe Pattern Test

ReDoS Vulnerability Tester

Detect Regular Expression Denial of Service (ReDoS) vulnerabilities & regex injection risks. Safely test patterns with timeout protection and static analysis.

Web Worker Sandbox 5s Timeout

Regular Expression Pattern

/ /

Flags:

Presets:

Attack / Test String Auto-generated attack string below

No test results yet

Enter a regex pattern and click "Run ReDoS Test" to begin.

Frequently Asked Questions

What is a ReDoS attack?

ReDoS (Regular Expression Denial of Service) is a type of attack that exploits the backtracking behavior of regex engines. By crafting a malicious input string, an attacker can cause a regex to take exponentially long to evaluate—potentially seconds, minutes, or even hours—consuming CPU resources and denying service to legitimate users. This is especially dangerous on server-side applications where a single slow regex can block the entire event loop or thread pool.

Which regex patterns are vulnerable to ReDoS?

The most common dangerous patterns include:

1. Nested quantifiers: (a+)+, (x*)*, (.+){2,}
2. Overlapping alternation: (a|aa|aaa)+b — where branches can match the same characters
3. Quantified optional groups: (x?)+, ([,-]?)+
4. Greedy quantifiers before optional parts: .*=.* on input with no =
5. Multiple overlapping .* patterns: .*.*.*

The common trait: exponential backtracking when the regex engine tries all possible ways to split the match.

How does this tester detect ReDoS vulnerabilities?

This tool uses a two-pronged approach:

1. Static Analysis: Scans the regex pattern for known dangerous structures (nested quantifiers, overlapping alternation, etc.) using pattern-matching rules.

2. Safe Execution Test: Runs the regex against an auto-generated attack string inside a sandboxed Web Worker with a 5-second timeout. If the worker is terminated due to timeout, it confirms a severe ReDoS vulnerability. If it completes, the execution time is measured and compared against safe thresholds.

The combination of static analysis and empirical testing provides a comprehensive vulnerability assessment.

What is regex injection and how is it related?

Regex injection occurs when user-supplied input is directly incorporated into a regular expression without proper sanitization. An attacker can inject:

• ReDoS patterns: e.g., injecting (a+)+ to cause denial of service
• Pattern-altering metacharacters: e.g., | to bypass filters, .* to match everything
• Unexpected flags or modifiers

Prevention: Always escape user input before using it in regex patterns (use regexEscape() utilities), validate and limit input length, and avoid constructing dynamic regex from untrusted sources whenever possible.

How can I fix a ReDoS-vulnerable regex?

1. Remove unnecessary nesting: Change (a+)+ to a+
2. Simplify alternation: Change (a|aa|aaa)+ to a+
3. Use possessive quantifiers (not supported in JS, but can be simulated with atomic groups in some engines): a++ instead of a+
4. Limit repetition: Use {1,10} instead of + or * when possible
5. Use non-backtracking constructs: Leverage lookahead assertions carefully
6. Pre-validate input length: Limit the length of strings passed to complex regex
7. Use a DFA-based regex library (like re2 for Node.js) that guarantees linear-time matching

This tool provides specific fix suggestions based on the detected patterns.

Are all regex engines equally vulnerable?

No. Regex engines fall into two categories:

Backtracking engines (vulnerable): JavaScript (V8, SpiderMonkey, JSC), Python (re module), PHP (pcre), Ruby, Perl, .NET (by default). These can exhibit exponential worst-case behavior.

DFA/Thompson NFA engines (resistant): Go (regexp), Rust (regex crate), RE2 (C++/Node.js binding), PostgreSQL ~ operator. These guarantee O(n) time complexity.

Since JavaScript is widely used for both frontend and backend (Node.js), ReDoS is a critical concern for web developers. Chrome's V8 has some optimizations but is not immune to ReDoS.

Security note: All regex testing is performed in an isolated Web Worker with a hard 5-second timeout. Your browser's main thread is never blocked. No data is sent to any server — everything runs locally in your browser. For production regex security, consider using RE2 or similar DFA-based engines, and always validate user input length.

New

Love Calculator - Online Fun Romance Compatibility Test

Enter two names and get a playful love compatibility percentage. Purely for entertainment! All calculation happens instantly in your browser.

Entertainment calculator compatibility love romance

New

Web Share Level 2 Tester - Online Share Files

Test sharing multiple files (images, PDFs) using the Web Share API. Check if the browser supports file sharing. Demo page.

API API files share Web Share

New

Currency Code to Symbol Converter - Online ISO 4217 Lookup

Enter a three‑letter currency code like USD or EUR and instantly see the corresponding symbol and number of decimals. Quick developer reference.

Finance currency ISO 4217 lookup symbol

New

Email Permutator - Online Generate All Possible Addresses

Enter a first name and last name, plus a domain, to generate common email address patterns. For finding contacts.

Business contact email guess permutator

New

Homophone Checker - Online Sound‑Alike Words Tool

Type a word to see all its homophones with definitions. Avoid embarrassing mistakes (their/there/they’re). Static dictionary.

Educational checker English homophone words

New

Text to Binary String - Online 0s and 1s Converter

Convert any text to a long string of binary digits. Perfect for learning binary representation. Local conversion.

Educational binary converter string text

New

Eye Prescription Converter - Glasses to Contact Lens Rx Tool

Approximate conversion from eyeglass prescription to contact lens power. Uses vertex distance formula. For educational purposes only, consult your optometrist.

Calculator contacts converter eye glasses prescription

New

Number to Words Converter - Online Full English

Type a number and see its full English word representation (e.g., 123 → one hundred twenty‑three). Supports large numbers.

Converter converter English number words

New

All‑in‑One Unit Converter - Online 20+ Categories

Convert across length, mass, speed, temperature, data, and more. Search any unit and type. Compact and fast.

Converter all categories converter unit

New

Polygon Area Calculator - Online Irregular Shape Tool

Calculate the area of an irregular polygon by entering its vertex coordinates. Uses the shoelace formula. Pure math.

Calculator area coordinates geometry polygon

New

HMAC Generator - Online SHA‑256/512 Message Authentication

Create an HMAC (Hash‑based Message Authentication Code) using SHA‑256 or SHA‑512 with a secret key. Verify data integrity. Local.

Generator authentication generator HMAC SHA‑256

New

Language Cheat Sheet Generator - Online Phrase Card for Travel

Select a destination language and generate a printable mini phrasebook with essential greetings, directions, food, and emergency phrases. Local only.

Generator cheat sheet language phrase travel

New

Paper Size Converter - Online A4, Letter, Legal Dimensions

See exact mm and inch dimensions of ISO A-series and US paper sizes. Visual comparison tool. Also calculates weight based on GSM and dimensions.

Reference A4 dimension letter paper size

New

Number to Words Converter - Online Write Out Currency

Convert a numeric amount into English words, perfect for writing checks or legal documents. Supports USD/GBP styles.

Converter converter currency number words

New

String Art Pattern Preview - Online Thread Layout on Circle

Design circular string art by ticking nails and seeing simulated thread lines. Adjust number of nails and steps. Export pattern. Local only.

Creative Tools generator nail string art thread

New

Gamma Function Calculator - Online Advanced Factorial

Evaluate the Gamma function for real and complex inputs (real part). Extension of factorial. Academic mathematics tool.

Calculator calculator factorial function Gamma

New

Voltage Divider Calculator - Online Two Resistor Output Tool

Calculate output voltage from a two-resistor voltage divider. Enter input voltage and resistances to see Vout. Includes circuit schematic. No data sent.

Calculator calculator electronics voltage divider

New

Leap Year Checker - Online Verify February 29

Enter a year to check if it is a leap year. Shows the rule explanation and next/previous leap years. Simple reference.

Calendar calendar checker date leap year

New

Data Storage Converter - Online Byte KB MB GB TB Tool

Convert between digital storage units: bits, bytes, kilobytes, megabytes, gigabytes, and more. Binary and decimal interpretations available. A developer must-have.

Developer Tools byte converter data storage gigabyte

New

Periodic Table Speller - Online Write Words with Elements

Type a word and see if it can be spelled using chemical element symbols. Geeky custom message creator. Copy or share.

Educational elements fun periodic table speller

New

Probability Calculator - Online Odds & Combinatorics Tool

Compute probability for simple events, as well as permutations and combinations (nPr, nCr). Useful for statistics and game theory. Browser-based math.

Calculator combinatorics math odds probability

New

Veggie Match Memory Game – Online Flip & Find Pairs

Cute vegetable-themed memory matching game for preschoolers. No ads, simple interface.

Games kids memory game vegetable

New

Resistors in Parallel Calculator - Online Multiple Branch Tool

Calculate the total resistance of up to 10 resistors in parallel. Enter values and see the combined resistance instantly. Local electronics helper.

Calculator calculator parallel resistor

New

CMYK to Pantone Converter - Online Approximate Match

Enter CMYK values and find the closest Pantone Solid Coated color. For print design reference. Client‑side lookup.

Color Tool CMYK converter Pantone print

New

Multi Dice Roller - Online 3D Animated Dice

Roll virtual dice with animated 3D spins. Choose any number and type. See total and individual results. Fun for games.

Entertainment 3D animated dice roller

New

Online Scratch Card - Virtual Reveal & Surprise Message

Create a virtual scratch card with a hidden message or prize. Send the link; recipient scratchs with mouse/touch. Canvas-based.

Entertainment game reveal scratch card surprise

New

Scientific Notation Converter - Online Exponential & Decimal Swap

Convert between scientific notation (a × 10^n) and decimal form. Also supports engineering notation. Instant, local.

Converter converter exponential scientific notation

New

Memory Card Matching Game - Online Flip & Find Pairs

Classic memory card game with emoji or color themes. Select grid size and try to find all pairs in minimum moves. Brain training fun.

Games cards game match memory

New

Math Worksheet Generator - Online Printable Drills for Kids

Generate printable math worksheets for addition, subtraction, multiplication, and division. Choose difficulty and number of problems. Answer key included.

Education generator math print worksheet

New

Disc Golf Putting Probability Calculator - Online C1X/C2 Stats

Estimate make probability of a putt based on distance and skill rating. For disc golf enthusiasts. Fun statistical tool, no data upload.

Calculator calculator disc golf probability putting