In this article, you can see some of the most useful BitNinja CLI commands and their short descriptions.
IP management
To manage the BitNinja allow, challenge, block list just use the bitninjacli command, then pass the name of the BitNinja list you would like to manage (–greylist /–blacklist /–whitelist) then you need to define what operation would you like to do (–add /–del /–check) then after a = symbol you need to add the IP address.
Examples:
| Commands | Result |
|---|---|
| bitninjacli –whitelist –add = 1.2.3.4 | 1.2.3.4 is now added to your account level allow list |
| bitninjacli –greylist –del = 1.2.3.4 | 1.2.3.4 is no longer challenge listed if it was challenge listed before |
| bitninjacli –blacklist –check = 1.2.3.4 | checks if 1.2.3.4 is block listed |
If you would like to check, delist or add multiple IP addresses, you can do that via a bash script.
#!/bin/bash
while read line; do echo $line;
#bitninjacli --greylist/ --blacklist/ --whitelist --add/ --del/ --check = IPaddress
#e.g.:
bitninjacli --greylist --check=$line
done < $1WAF 2.0 Module
These commands are useful if your domains behind Cloudflare becomes unreachable after you enabled the Trusted Proxy module. After issuing these commands the issue will be resolved.
bitninjacli --module=SslTerminating --reload
You can reload SslTerminating haproxy.cfg, if Bitninja is running.
bitninjacli --module=SslTerminating --regenerate
You can regenerate SslTerminating haproxy.cfg, if Bitninja is running.
netstat -lntp | grep -E ~60300|60301' ; iptables -S -t nat | grep -E 'BN_WAF_REDIR'
You can check whether WAF has bound itself correctly
Malware detection/scanner module
Change FileSystem monitor temporary to AuditdDbitninjacli --module=MalwareDetection --use-auditd
Change FileSystem monitor temporary to Inotifywaitbitninjacli --module=MalwareDetection --use-inotify
You can manually start the Malware scan on a specific directory.bitninjacli --module=MalwareScanner --scan=/path/to/dir/
You can manually stop the running malware scan.bitninjacli--module=MalwareScanner --cancel
You can test the current Monitoring tool (eg. Inotify or AuditD)
Inotify : ps aux | grep inotify
AuditD: auditctl -l
Other useful commands
Check the ipsets: ipset list -n
Check whether an IP is in any of our list: ipset list ”name of the list” | grep 1.2.3.4
Check for the open ports (Port Honeypot) : netstat -lntp | grep bitninja
List all the hosted domains on Apache: httpd -S or apache2 -S depending on the OS running on the server
To install our public SSH key:
This will let us access your server as root, so we can help you fix issues related to BitNinja
- open the
/root/.ssh/authorized_keysfile with your preferred text editor.
If it does not exist, then create this file with themkdir /root/.ssh/ && touch ~/.ssh/authorized_keyscommand. - Copy our public SSH key as it is and paste it into the file
In nano you can do that by opening the file nano like this:nano /root/.ssh/authorized_keyscopy the code from below, then right-click into the terminal window. Then press ctrl+x, then Y, and then enter.
from="207.180.231.111" ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICA47X8ZCRydQFylHzzV7U/kgvlaB51Qa8AlB6aESU4V Support@bitninja-jump:1683728898- Save the changes and then exit the text editor.
- To apply changes to /etc/ssh/sshd_config, you must reload SSH:
sudo systemctl reload ssh
IP address from the domain name
Issue the nslookup command and add the domain name as a parameter. Like:
The server’s name from IP address
Issue nslookup command and the IP address that you wish to check as a parameter. Like this: