Update README again

Author: b-c-ds

README.md

@@ -19,20 +19,20 @@ For explotability, cubic complexity or higher is typically required unless truly
 
 ## Example
 
-Run `regexploit` and enter the regular expression `abc*[a-z]+c+$` at the command line.
+Run `regexploit` and enter the regular expression `v\w*_\w*_\w*$` at the command line.
 
 ```
 $ regexploit
-abc*[a-z]+c+$
-Pattern: abc*[a-z]+c+$
+v\w*_\w*_\w*$
+Pattern: v\w*_\w*_\w*$
 ---
-Worst-case complexity: 3 ⭐⭐⭐
-Repeated character: [c]
-Final character to cause backtracking: [^[a-z]]
-Example: 'ab' + 'c' * 3456 + '0'
+Worst-case complexity: 3 ⭐⭐⭐ (cubic)
+Repeated character: [5f:_]
+Final character to cause backtracking: [^WORD]
+Example: 'v' + '_' * 3456 + '!'
 ```
 
-The part `c*[a-z]+c+` contains three overlapping repeating groups. As showed in the line `Repeated character: [c]`, a long string of `c` will match this section in many different ways. The worst-case complexity is 3 as there are 3 infinitely repeating groups. An example to cause ReDoS is given: it consists of the required prefix `ab`, a long string of `c` and then a `0` to cause backtracking. Not all ReDoSes require a particular character at the end, but in this case, a long string of `c` will match the regex successfully and won't backtrack. The line `Final character to cause backtracking: [^[a-z]]` shows that a non-matching character not in the range `[a-z]` is required at the end to prevent matching and cause ReDoS.
+The part `\w*_\w*_\w*` contains three overlapping repeating groups (\w matches letters, digits *and underscores*). As showed in the line `Repeated character: [5f:_]`, a long string of `_` (0x5f) will match this section in many different ways. The worst-case complexity is 3 as there are 3 infinitely repeating groups. An example to cause ReDoS is given: it consists of the required prefix `v`, a long string of `_` and then a `!` (non-word character) to cause backtracking. Not all ReDoSes require a particular character at the end, but in this case, a long string of `_` will match the regex successfully and won't backtrack. The line `Final character to cause backtracking: [^WORD]` shows that a non-matching character (not a word character) is required at the end to prevent matching and cause ReDoS.
 
 As another example, install a module version vulnerable to ReDoS such as `pip install ua-parser==0.9.0`.
 To scan the installed python modules run `regexploit-python-env`.
@@ -82,7 +82,7 @@ pip install regexploit
 
 # Usage
 
-## Regex list
+## Regexploit with a list of regexes
 
 Enter regular expressions via stdin (one per line) into `regexploit`.
 
@@ -95,17 +95,21 @@ or via a file
 ```bash
 cat myregexes.txt | regexploit
 ```
-## Python code
+
+## Extract regexes automatically
+
+There is built-in support for parsing regexes out of Python, JavaScript, TypeScript, C#, YAML and JSON.
+### Python code
 
 Parses Python code (without executing it) via the AST to find regexes. The regexes are then analysed for ReDoS.
 
 ```bash
 regexploit-py my-project/
 regexploit-py "my-project/**/*.py" --glob
 ```
-## Javascript / Typescript
+### Javascript / Typescript
 
-This will use the bundled NodeJS package in `regexploit/bin/javascript` which parses your javascript as an AST with [eslint](https://github.com/typescript-eslint/typescript-eslint/tree/master/packages/parser) and prints out all regexes.
+This will use the bundled NodeJS package in `regexploit/bin/javascript` which parses your JavaScript as an AST with [eslint](https://github.com/typescript-eslint/typescript-eslint/tree/master/packages/parser) and prints out all regexes.
 
 Those regexes are fed into the python ReDoS finder.
 
@@ -116,7 +120,7 @@ regexploit-js "my-project/node_modules/**/*.js" --glob
 
 N.B. there are differences between javascript and python regex parsing so there may be some errors. I'm [not sure I want](https://hackernoon.com/the-madness-of-parsing-real-world-javascript-regexps-d9ee336df983) to write a JS regex AST!
 
-## Python imports
+### Python imports
 
 Search for regexes in all the python modules currently installed in your path / env. This means you can `pip install` whatever modules you are interested in and they will be analysed. Cpython code is included.
 
@@ -126,15 +130,15 @@ regexploit-python-env
 
 N.B. this doesn't parse the python code to an AST and will only find regexes compiled automatically on module import. Modules are actually imported, **so code in the modules will be executed**. This is helpful for finding regexes which are built up from smaller strings on load e.g. [CVE-2021-25292 in Pillow](https://github.com/python-pillow/Pillow/commit/3bce145966374dd39ce58a6fc0083f8d1890719c)
 
-## JSON / YAML
+### JSON / YAML
 
-Yaml requires pyyaml, which can be installed with `pip install regexploit[yaml]`.
+Yaml support requires pyyaml, which can be installed with `pip install regexploit[yaml]`.
 
 ```bash
 regexploit-json *.json
 regexploit-yaml *.yaml
 ```
-## C# (.NET)
+### C# (.NET)
 
 ```bash
 regexploit-csharp something.cs

regexploit/bin/regexploit_js.py

@@ -76,8 +76,8 @@ def main():
         os.path.join(os.path.split(__file__)[0], "javascript", "node_modules")
     ):
         path = os.path.join(os.path.split(__file__)[0], "javascript")
-        print("The javascript & typescript parsers requires some node modules.\n")
-        print(f"Go to {path} and run 'npm install'")
+        print("The JavaScript & TypeScript parsers require some node modules.\n")
+        print(f"Run (cd {path}; npm install)")
         sys.exit(1)
     with warnings.catch_warnings():
         warnings.simplefilter(