Command-Line Interface

BitNinja has a command-line interface to alter or query your black/white list and manage the greylist. You can use this tool to integrate your software with BitNinja.

Installation

After installing BitNinja, bitninjacli is accessible. You can use it.

Usage

bitninjacli --help

Usage: bitninjacli Command

Commands:

[--whitelist|--blacklist|--greylist] [--add|--del|--check]=ip [--comment="Operation made by cli."]
    You can manipulate the user specific white/black/greylist
    with the corresponding command. You can add/delete/check a
    given IP address.
    example:
    bitninjacli --whitelist --add=1.2.3.4

[--waf=enabled|disabled]
    Enable or disable the waf module locally.

[--porthoneypot=enabled|disabled]
    Enable or disable the PortHoneypot module locally.

[--reloadiptables]
    You can reload Bitninja specific iptables rules with it.

[--remove-rules]
    Remove every BitNinja-related iptables rules and ipsets. Use only when Agent exited abnormally.

[--webhoneypot] [--file=/path/ot/file]
    You can make a specific file to a honeypot.

[--module=MalwareDetection] [--enabled|--disabled]
    You can start or stop MalwareDetection manually, if Bitninja is running.

[--module=MalwareDetection] [--scan=/path/to/dir/]
    You can manually start MalwareDetection scan on a specific directory.

[--module=OutboundWAF] [--enabled|--disabled]
    You can start or stop OutboundWAF manually, if Bitninja is running.

[--module=SslTerminating] [--enabled|--disabled]
    You can start or stop SslTerminating manually, if Bitninja is running.

[--module=SslTerminating] [--reload]
    You can reload SslTerminating haproxy.cfg,  if Bitninja is running.

[--module=SslTerminating] [--regenerate]
    You can regenerate SslTerminating haproxy.cfg, if Bitninja is running.

[--module=SenseLog] [--reload]
    You can reload the SenseLog config.ini, if Bitninja is running.

[--licenseinfo]
    Queries the current license information. It can be free, trial, ok (means pro license), no_payment

[--restore=/path/to/file]
    Restores file from quarantine.

Module Options

BitNinja CLI offers control over its modules with:

--module=ModuleName

Every module can receive the following commands:

--stop/--start/--restart

They will stop/start/restart BitNinja module processes. It can be useful for example, when AntiFlood module bans your attacking IP address and puts it in the local blacklist while you’re testing the agent. In this case, you can use the following command to test further:

bitninjacli --module=AntiFlood --stop

Almost every module can receive the following commands:

--enabled/--disabled/--reload

‘Enabled’ will activate the module and it will start detection. ‘Disabled’ will stop the detection, but the module process itself will still run. With ‘reload’ you can reload the module configuration without the need of restarting the Agent.

Unfortunately not every module is compatible with these command options. See the available options on the module pages.