Useful BitNinja commands


In this article, you can see some of the most useful BitNinja CLI commands and their short descriptions.

IP management

To manage the BitNinja allow, challenge and block lists, use the bitninjacli command. Pass the name of the list you would like to manage (--greylist / --blacklist / --whitelist), then the operation you would like to perform (--add / --del / --check), and then, after an = symbol, the IP address.

Examples:

These command parameters can be varied as necessary.

Command | Result
bitninjacli --whitelist --add=1.2.3.4 | 1.2.3.4 is now added to your account level allow list
bitninjacli --greylist --del=1.2.3.4 | 1.2.3.4 is no longer challenge listed if it was challenge listed before
bitninjacli --blacklist --check=1.2.3.4 | checks if 1.2.3.4 is block listed

If you would like to check, delist or add multiple IP addresses, you can do that via a bash script.

#!/bin/bash
# Pass the file with the IP addresses (one per line) as the first argument.
while IFS= read -r line; do
        echo "$line"
        # bitninjacli --greylist / --blacklist / --whitelist --add / --del / --check=IPaddress
        # e.g.:
        bitninjacli --greylist --check="$line"
done < "$1"

The maximum limit for manual challenge listing is 2000 to avoid flooding.

WAF 2.0 Module

These commands are useful if your domains behind Cloudflare become unreachable after you enable the Trusted Proxy module. Issuing these commands resolves the issue.

bitninjacli --module=SslTerminating --reload

Reloads the SslTerminating haproxy.cfg, if BitNinja is running.

bitninjacli --module=SslTerminating --regenerate

Regenerates the SslTerminating haproxy.cfg, if BitNinja is running.

netstat -lntp | grep -E '60300|60301' ; iptables -S -t nat | grep -E 'BN_WAF_REDIR'

Checks whether the WAF has bound itself correctly.

Malware detection/scanner module

Change the FileSystem monitor temporarily to AuditD:
bitninjacli --module=MalwareDetection --use-auditd

Change the FileSystem monitor temporarily to Inotifywait:
bitninjacli --module=MalwareDetection --use-inotify

You can manually start the malware scan on a specific directory:
bitninjacli --module=MalwareScanner --scan=/path/to/dir/

You can manually stop the running malware scan:
bitninjacli --module=MalwareScanner --cancel

You can test the current monitoring tool (e.g. Inotify or AuditD):
Inotify : ps aux | grep inotify
AuditD: auditctl -l

Other useful commands

Check the ipsets: ipset list -n

Check whether an IP is in any of our lists: ipset list "name of the list" | grep 1.2.3.4

Check for the open ports (Port Honeypot) : netstat -lntp | grep bitninja

List all the hosted domains on Apache: httpd -S or apache2 -S depending on the OS running on the server

To install our public SSH key:

This will let us access your server as root, so we can help you fix issues related to BitNinja.

  1. Open the /root/.ssh/authorized_keys file with your preferred text editor.
    If it does not exist, create it with the mkdir -p /root/.ssh/ && touch /root/.ssh/authorized_keys command.
  2. Copy our public SSH key as it is and paste it into the file.
    In nano, open the file like this: nano /root/.ssh/authorized_keys, copy the key from below, then right-click in the terminal window to paste it. Then press Ctrl+X, then Y, and then Enter.
from="207.180.231.111" ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICA47X8ZCRydQFylHzzV7U/kgvlaB51Qa8AlB6aESU4V Support@bitninja-jump:1683728898
  3. Save the changes and then exit the text editor.
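
The key installation steps above as a script, given as an added example that is not part of BitNinja's own tooling: it installs the published key line only if it still carries its from= source restriction, sets the permissions sshd expects, avoids duplicates on reruns, and can remove the key again once the support session is over. The AUTH_FILE override and the function names are assumptions made for this example.

```sh
#!/bin/sh
# Added example: install or remove the support key line from this page.
# AUTH_FILE can be overridden to try the functions on a scratch file first.
AUTH_FILE="${AUTH_FILE:-/root/.ssh/authorized_keys}"
# Key line as published above; from= limits its use to that one source IP.
SUPPORT_KEY='from="207.180.231.111" ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICA47X8ZCRydQFylHzzV7U/kgvlaB51Qa8AlB6aESU4V Support@bitninja-jump:1683728898'

install_support_key() {
    # Refuse a line that lost its from= restriction while being copied.
    case "$SUPPORT_KEY" in
        from=\"*\"\ ssh-*) ;;
        *) echo "key line has no from= restriction" >&2; return 1 ;;
    esac
    dir=$(dirname "$AUTH_FILE")
    # sshd (StrictModes) ignores keys in group- or world-writable locations.
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    touch "$AUTH_FILE" && chmod 600 "$AUTH_FILE" || return 1
    # Append only when the exact line is absent, so reruns add no duplicates.
    if ! grep -qxF -- "$SUPPORT_KEY" "$AUTH_FILE"; then
        # Terminate an unfinished last line so the key starts on its own line.
        [ -z "$(tail -c 1 "$AUTH_FILE")" ] || echo >> "$AUTH_FILE"
        printf '%s\n' "$SUPPORT_KEY" >> "$AUTH_FILE"
    fi
}

remove_support_key() {
    [ -f "$AUTH_FILE" ] || return 0
    tmp=$(mktemp "$AUTH_FILE.XXXXXX") || return 1
    # Copy every line except the support key; grep exits 1 if none remain.
    grep -vxF -- "$SUPPORT_KEY" "$AUTH_FILE" > "$tmp" || [ $? -eq 1 ] ||
        { rm -f "$tmp"; return 1; }
    chmod 600 "$tmp" && mv "$tmp" "$AUTH_FILE"
}

support_key_count() {
    # Number of exact copies of the key line currently installed.
    [ -f "$AUTH_FILE" ] || { echo 0; return 0; }
    grep -cxF -- "$SUPPORT_KEY" "$AUTH_FILE" || [ $? -eq 1 ]
}

case "${1:-}" in
    install) install_support_key ;;
    remove)  remove_support_key ;;
    count)   support_key_count ;;
esac
```

Run it as root with install, remove or count as the first argument; other keys already in the file are left untouched.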

IP address from the domain name

Issue the nslookup command and add the domain name as a parameter. Like:

The server’s name from IP address

Issue the nslookup command with the IP address that you wish to check as a parameter. Like this:
