Useful BitNinja commands

This article provides some of the basic and useful commands of BitNinja.

IP Management

Whitelisting/Blacklisting the IP:

bitninjacli --whitelist --add=
bitninjacli --blacklist --add=

Checking if the IP is added on blacklist or whitelist:

bitninjacli --blacklist --check=
bitninjacli --whitelist --check=

Removing the IP from the blacklist/whitelist:

bitninjacli --blacklist --del=
bitninjacli --whitelist --del=


WAF 2.0 Module

These commands are useful if your domains behind Cloudflare becomes unreachable after you enabled the Trusted Proxy module. After issuing these commands the issue will be resolved.

bitninjacli --module=SslTerminating --reload

You can reload SslTerminating haproxy.cfg, if Bitninja is running:

bitninjacli --module=SslTerminating --regenerate

You can regenerate SslTerminating haproxy.cfg, if Bitninja is running:

netstat -lntp | grep -E ~60300|60301' ; iptables -S -t nat | grep -E 'BN_WAF_REDIR'

You can check whether WAF has bound itself correctly.

Malware detection/scanner module

Change FileSystem monitor temporary to AuditdD:

bitninjacli --module=MalwareDetection --use-auditd

Change FileSystem monitor temporary to Inotifywait:

bitninjacli --module=MalwareDetection --use-inotify

You can manually start the Malware scan on a specific directory:

bitninjacli --module=MalwareScanner --scan=/folder_name

You can manually stop the running malware scan.

bitninjacli--module=MalwareScanner --cancel

Other useful commands

Check the ipsets:

ipset list -n

Check whether an IP is in any of our lists:

ipset list ”name of the list” | grep

Check for the open ports (Port Honeypot) :

netstat -lntp | grep bitninja

Was this article helpful?

Related Articles