
Yara regex for detecting port numbers not working


So I have been trying to build a regex that would detect port numbers (0-65535). I have tried the one given in the post below:

Regex to validate port number

this one:

^([0-9]{1,4}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5])$

The above one seems to work fine when testing on https://regex101.com/.

But when I try to build a YARA rule to detect this with the same pattern as stated above, it doesn't work, even though the above pattern has all the allowed characters as stated in the documentation:

https://yara.readthedocs.io/en/stable/writingrules.html#regular-expressions


Solution

  • Replace ^ and $ by \b.

    \b([0-9]{1,4}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5])\b
    

    \b is a word boundary: the boundary between word characters ([A-Za-z0-9_]) and non-word characters (anything else). The pattern would match a number between 0 and 65535 without any surrounding digit or letter.
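
An added example, not part of the original question or answer: Python's `re` module used as a stand-in for a scan over a whole buffer, comparing the anchored pattern with the `\b` version. It assumes, as the YARA documentation states, that `^` and `$` anchor to the start and end of the scanned data (modelled here with `\A` and `\Z`). It also goes one step beyond the answer with a hypothetical colon-prefixed variant that cuts down false positives; the sample buffer and all function names are constructed.

```python
import re

# Port alternation copied from the question (0-65535).
PORT = (rb"([0-9]{1,4}|[1-5][0-9]{4}|6[0-4][0-9]{3}"
        rb"|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5])")

# Question's pattern: anchors tied to the start/end of the whole buffer
# (assumption: this models YARA's ^ and $ on scanned data).
ANCHORED = re.compile(rb"\A" + PORT + rb"\Z")
# Answer's pattern: word boundaries instead of anchors.
BOUNDED = re.compile(rb"\b" + PORT + rb"\b")
# Hypothetical tighter variant: only numbers that follow a ':' (host:port).
AFTER_COLON = re.compile(rb":" + PORT + rb"\b")

# Constructed sample buffer, standing in for a scanned file.
SAMPLE = (
    b"listen 8080\n"
    b"connect 10.0.0.5:65535\n"
    b"bad port 70000\n"
    b"beacon_port=443\n"
)

def anchored_hits(data: bytes) -> list:
    """Matches only if the entire buffer is a single port number."""
    return [m.group(1) for m in ANCHORED.finditer(data)]

def bounded_hits(data: bytes) -> list:
    """Every 0-65535 number not touching a letter, digit or underscore."""
    return [m.group(1) for m in BOUNDED.finditer(data)]

def colon_hits(data: bytes) -> list:
    """Only numbers written as ':<port>'; skips IP octets and bare numbers."""
    return [m.group(1) for m in AFTER_COLON.finditer(data)]

if __name__ == "__main__":
    print("anchored   :", anchored_hits(SAMPLE))
    print("bounded    :", bounded_hits(SAMPLE))
    print("after colon:", colon_hits(SAMPLE))
    # '_' is a word character, so no boundary exists between '_' and '8'.
    print("port_8080  :", bounded_hits(b"port_8080"))
```

The `\b` version also reports each IP octet as a port and misses `port_8080`, so a rule built on it alone will be noisy; pairing it with surrounding context in the rule keeps hits meaningful.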