In this article, you can see some of the most useful BitNinja CLI commands and their short descriptions.
To manage the BitNinja allow, challenge and block lists, use the bitninjacli command. Pass the name of the BitNinja list you would like to manage (--greylist / --blacklist / --whitelist), then the operation you would like to perform (--add / --del / --check), followed by an = symbol and the IP address.
| Command | Result |
|---|---|
| bitninjacli --whitelist --add=126.96.36.199 | 188.8.131.52 is now added to your account level allow list |
| bitninjacli --greylist --del=184.108.40.206 | 220.127.116.11 is no longer challenge listed if it was challenge listed before |
| bitninjacli --blacklist --check=18.104.22.168 | checks if 22.214.171.124 is block listed |
If you would like to check, delist or add multiple IP addresses, you can do that via a bash script.
#!/bin/bash
# Pass the file that holds the IP addresses (one per line) as the first argument.
while IFS= read -r line; do
    echo "$line"
    # bitninjacli --greylist/--blacklist/--whitelist --add/--del/--check=IPaddress
    # e.g.: bitninjacli --greylist --check="$line"
done < "$1"
WAF 2.0 Module
These commands are useful if your domains behind Cloudflare become unreachable after you enable the Trusted Proxy module. After issuing these commands the issue will be resolved.
bitninjacli --module=SslTerminating --reload
You can reload the SslTerminating haproxy.cfg if BitNinja is running.
bitninjacli --module=SslTerminating --regenerate
You can regenerate the SslTerminating haproxy.cfg if BitNinja is running.
netstat -lntp | grep -E '60300|60301' ; iptables -S -t nat | grep -E 'BN_WAF_REDIR'
You can check whether the WAF has bound itself correctly.
Malware detection/scanner module
Temporarily change the filesystem monitor to Auditd
bitninjacli --module=MalwareDetection --use-auditd
Temporarily change the filesystem monitor to Inotifywait
bitninjacli --module=MalwareDetection --use-inotify
You can manually start the Malware scan on a specific directory.
bitninjacli --module=MalwareScanner --scan=/path/to/dir/
You can manually stop the running malware scan.
You can test the current monitoring tool (e.g. Inotify or AuditD):
ps aux | grep inotify
Other useful commands
Check the ipsets: ipset list -n
Check whether an IP is in any of our lists:
ipset list "name of the list" | grep 126.96.36.199
Check for the open ports (Port Honeypot):
netstat -lntp | grep bitninja
List all the hosted domains on Apache:
httpd -S or apache2 -S depending on the OS running on the server
To install our public SSH key:
This will let us access your server as root, so we can help you fix issues related to BitNinja.
- Open the /root/.ssh/authorized_keys file with your preferred text editor.
If it does not exist, then create this file with the
mkdir -p /root/.ssh/ && touch /root/.ssh/authorized_keys
command.
- Copy our public SSH key as it is and paste it into the file.
In nano you can do that by opening the file like this:
nano /root/.ssh/authorized_keys
Copy the key from below, then right-click in the terminal window. Then press Ctrl+X, then Y, and then Enter.
from="188.8.131.52" ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICA47X8ZCRydQFylHzzV7U/kgvlaB51Qa8AlB6aESU4V Support@bitninja-jump:1683728898
- Save the changes and then exit the text editor.
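The steps above as a script, added here as an example and not part of BitNinja's own tooling: it creates the directory and file with the modes sshd expects, appends the entry only once, and refuses an entry that lacks a from= source restriction like the one on the key line above. The function name install_restricted_key and the key used in the demo are constructed placeholders.

```bash
#!/bin/bash
# Added example; install_restricted_key is a hypothetical helper, not a bitninjacli command.

install_restricted_key() {
    local ssh_dir key_line file
    ssh_dir=$1
    key_line=$2
    file="$ssh_dir/authorized_keys"

    # Accept only entries pinned to a source address with from="...".
    case $key_line in
        'from="'?*'" ssh-'* | 'from="'?*'" ecdsa-'* | 'from="'?*'" sk-'*) ;;
        *)
            echo "refusing key without from= restriction" >&2
            return 1
            ;;
    esac

    # sshd with StrictModes (the default) rejects key files that are
    # group- or world-writable, so set the modes explicitly.
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || return 2
    touch "$file" && chmod 600 "$file" || return 2

    # Literal whole-line match, so a second run does not duplicate the entry.
    if grep -qxF -- "$key_line" "$file"; then
        echo "key already present"
        return 0
    fi
    printf '%s\n' "$key_line" >> "$file"
    echo "key added"
}

# Demo in a throwaway directory; on a server the directory would be /root/.ssh.
demo_dir=$(mktemp -d)
# Constructed placeholder entry: documentation address, not a usable key.
demo_key='from="192.0.2.10" ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPLACEHOLDERKEYDATA support@example'
install_restricted_key "$demo_dir/.ssh" "$demo_key"
install_restricted_key "$demo_dir/.ssh" "$demo_key"
# The same key with the from= option stripped is rejected.
install_restricted_key "$demo_dir/.ssh" "${demo_key#* }" || echo "rejected"
rm -rf "$demo_dir"
```

Once support access is no longer needed, deleting that one line from authorized_keys revokes it.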
IP address from the domain name
Use the nslookup command and add the domain name as a parameter. Like:
The server’s name from IP address
Use the nslookup command and the IP address that you wish to check as a parameter. Like this: