Securityflags: g

bcrypt Password Hash

Match bcrypt password hashes in their canonical $2a$/$2b$/$2y$ prefixed format.

Try it in RegexPro →

Available in

JSSupported

JavaScript / ECMAScript

Browser-native RegExp. Default if you don't pick.

PYSupported

Python (re)

CPython stdlib `re`. Unicode-aware `\w` and `\d` by default.

GOSupported

Go (RE2)

Linear-time matching. No backreferences or lookarounds.

Pattern

regexengine-agnostic

\$2[abxy]?\$\d{2}\$[./A-Za-z0-9]{53}   (flags: g)

Raw source: \$2[abxy]?\$\d{2}\$[./A-Za-z0-9]{53}

How it works

Version prefix $2 with optional suffix letter, cost parameter (two digits), salt + hash encoded in bcrypt's base64 alphabet for a fixed 53 trailing characters.

Examples

Input

$2a$12$R9h/cIPz0gi.URNNX3kh2OPST9/PgBkqquzi.Ss7KIUgO2t0jWMUW

Matches

$2a$12$R9h/cIPz0gi.URNNX3kh2OPST9/PgBkqquzi.Ss7KIUgO2t0jWMUW

Common use cases

•Detecting leaked hashes in dumps
•Secret scanning in configs
•Security audit of DB exports
•Migration tooling between hash formats

Related patterns

Strong Password

Security

Enforce strong passwords: min 8 chars, at least one lowercase, uppercase, digit, and special character.

GitHub Personal Access Token

Security

Match GitHub Personal Access Tokens (classic + fine-grained) and OAuth tokens by their `ghX_` prefix.

SSH Public Key

Security

Match SSH public keys in OpenSSH `authorized_keys` format, including the optional comment field.

AWS Access Key ID

Security

Match AWS access key IDs (both long-term AKIA and temporary ASIA prefixes).

←PreviousBitcoin Address

All patterns

NextAWS Access Key ID→