Hacktricks-skills bitcoin-node-pentesting
How to enumerate and assess Bitcoin nodes during security assessments. Use this skill whenever the user mentions Bitcoin nodes, cryptocurrency pentesting, ports 8333/18333/38333/18444, or wants to enumerate Bitcoin network infrastructure. This skill covers mainnet, testnet, signet, and regtest Bitcoin node enumeration using Nmap scripts and Shodan queries.
git clone https://github.com/abelrguezr/hacktricks-skills
skills/network-services-pentesting/8333-18333-38333-18444-pentesting-bitcoin/SKILL.MD

# Bitcoin Node Pentesting
A skill for enumerating and assessing Bitcoin nodes during security assessments.
## When to Use This Skill
Use this skill when:
- You need to enumerate Bitcoin nodes on a target network
- You're assessing cryptocurrency infrastructure security
- You encounter open ports 8333, 18333, 38333, or 18444
- You want to gather information about Bitcoin network nodes
- You're performing reconnaissance on Bitcoin-related services
## Bitcoin Network Ports
| Port | Network | Description |
|---|---|---|
| 8333 | Mainnet | Production Bitcoin network |
| 18333 | Testnet | Bitcoin test network |
| 38333 | Signet | Bitcoin signet (alternative testnet) |
| 18444 | Regtest | Local/regtest Bitcoin network |
## Enumeration Methods

### Method 1: Nmap Bitcoin Scripts
Nmap ships scripts for Bitcoin node enumeration. They speak the Bitcoin P2P protocol to the target, exchanging messages as if Nmap were another peer on the network.
#### Get Basic Node Information

```bash
# Mainnet (port 8333)
sudo nmap -p 8333 --script bitcoin-info <target-ip>

# Testnet (port 18333)
sudo nmap -p 18333 --script bitcoin-info <target-ip>

# Signet (port 38333)
sudo nmap -p 38333 --script bitcoin-info <target-ip>

# Regtest (port 18444)
sudo nmap -p 18444 --script bitcoin-info <target-ip>
```
What this reveals:
- Timestamp of the node
- Network type (main/test/signet/regtest)
- Bitcoin Core version
- Node ID
- Last block height
- User agent string
#### Get Known Peer Addresses

```bash
# Get list of peers the node knows about
sudo nmap -p 8333 --script bitcoin-getaddr <target-ip>
```
What this reveals:
- IP addresses of other Bitcoin nodes
- Timestamps for each peer
- Data that helps map the Bitcoin network topology
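Both scripts above get their data from two Bitcoin P2P messages: bitcoin-info reads the fields of the node's `version` reply, and bitcoin-getaddr reads `addr` messages. The decoder below, added here as an example and not code from the hacktricks-skills project or from Nmap, shows where each reported field (network, timestamp, node ID, last block, user agent, peer list) sits in those messages. The sample messages are constructed inside the block, all function names are my own, and the magic-byte table covers the four networks from the port table above.

```python
"""Decode the `version` and `addr` messages behind bitcoin-info and bitcoin-getaddr.
Added example with constructed samples; not hacktricks-skills or Nmap code."""
import hashlib
import ipaddress
import re
import struct

# Network magic as sent on the wire; it tells main/test/signet/regtest apart.
MAGIC = {
    b"\xf9\xbe\xb4\xd9": "main",
    b"\x0b\x11\x09\x07": "test",
    b"\x0a\x03\xcf\x40": "signet",
    b"\xfa\xbf\xb5\xda": "regtest",
}
ADDR_ENTRY = 30  # bytes per `addr` entry: time(4) services(8) ip(16) port(2)

def checksum(payload: bytes) -> bytes:
    """First 4 bytes of double-SHA256, carried in every P2P message header."""
    return hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]

def read_varint(buf: bytes, pos: int):
    """Decode a CompactSize integer; returns (value, position after it)."""
    first = buf[pos]
    if first < 0xFD:
        return first, pos + 1
    width, fmt = {0xFD: (2, "<H"), 0xFE: (4, "<I"), 0xFF: (8, "<Q")}[first]
    return struct.unpack_from(fmt, buf, pos + 1)[0], pos + 1 + width

def frame(magic: bytes, command: str, payload: bytes) -> bytes:
    """Prepend the 24-byte header: magic, null-padded command, length, checksum."""
    return struct.pack("<4s12sI4s", magic, command.encode(), len(payload), checksum(payload)) + payload

def parse_message(raw: bytes):
    """Split a framed message into (network, command, payload), verifying the checksum."""
    magic, command, length, cksum = struct.unpack_from("<4s12sI4s", raw, 0)
    payload = raw[24:24 + length]
    if len(payload) != length or checksum(payload) != cksum:
        raise ValueError("truncated payload or bad checksum")
    return MAGIC.get(magic, "unknown"), command.rstrip(b"\x00").decode(), payload

def parse_version(payload: bytes) -> dict:
    """Fields of a `version` payload, named after the bitcoin-info output lines."""
    version, services, timestamp = struct.unpack_from("<iQq", payload, 0)
    # Bytes 20..72 hold addr_recv and addr_from (26 bytes each); skipped here.
    nonce = struct.unpack_from("<Q", payload, 72)[0]
    ua_len, pos = read_varint(payload, 80)
    user_agent = payload[pos:pos + ua_len].decode()
    start_height = struct.unpack_from("<i", payload, pos + ua_len)[0]
    return {"timestamp": timestamp, "version": version, "services": services,
            "node_id": f"{nonce:016x}", "lastblock": start_height,
            "user_agent": user_agent}

def parse_addr(payload: bytes) -> list:
    """Peer entries from an `addr` payload, the data bitcoin-getaddr reports."""
    count, pos = read_varint(payload, 0)
    peers = []
    for _ in range(count):
        ts, services, ip = struct.unpack_from("<IQ16s", payload, pos)
        port = struct.unpack_from(">H", payload, pos + 28)[0]  # port is big-endian
        addr = ipaddress.IPv6Address(ip)  # IPv4 peers arrive as ::ffff:a.b.c.d
        peers.append({"timestamp": ts, "ip": str(addr.ipv4_mapped or addr), "port": port})
        pos += ADDR_ENTRY
    return peers

def core_version(user_agent: str):
    """Release tuple from a '/Satoshi:x.y.z/' user agent, or None for other software."""
    m = re.search(r"/Satoshi:(\d+(?:\.\d+)*)", user_agent)
    return tuple(int(p) for p in m.group(1).split(".")) if m else None

def node_info(raw: bytes) -> dict:
    """Summarise a framed `version` message the way bitcoin-info prints it."""
    network, command, payload = parse_message(raw)
    if command != "version":
        raise ValueError(f"expected a version message, got {command!r}")
    info = parse_version(payload)
    info["network"] = network
    info["core_version"] = core_version(info["user_agent"])
    return info

# --- constructed sample messages (made up for this example, not captured) ---
def sample_version(magic: bytes = b"\xf9\xbe\xb4\xd9") -> bytes:
    ua = b"/Satoshi:24.0.1/"
    payload = (struct.pack("<iQq", 70016, 1, 1700000000) + b"\x00" * 52
               + struct.pack("<Q", 0xDEADBEEFCAFEBABE) + bytes([len(ua)]) + ua
               + struct.pack("<i?", 820000, True))
    return frame(magic, "version", payload)

def sample_addr(magic: bytes = b"\xf9\xbe\xb4\xd9") -> bytes:
    def entry(ip: str, port: int) -> bytes:
        mapped = b"\x00" * 10 + b"\xff\xff" + ipaddress.IPv4Address(ip).packed
        return struct.pack("<IQ16s", 1700000100, 1, mapped) + struct.pack(">H", port)
    payload = bytes([2]) + entry("203.0.113.5", 8333) + entry("198.51.100.7", 18333)
    return frame(magic, "addr", payload)

if __name__ == "__main__":
    print(node_info(sample_version()))
    print(parse_addr(parse_message(sample_addr())[2]))
```

The "Node ID" that bitcoin-info prints is the 64-bit nonce from the `version` message, which a node picks per connection to detect connections to itself; it is not a stable identifier across sessions, so record it together with the user agent and peer list rather than relying on it alone to track a node. `parse_message` rejects frames whose checksum does not match, which is the first check any consumer of captured node traffic should perform.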
### Method 2: Shodan Queries

Use Shodan to discover Bitcoin nodes on the internet.

#### Basic Queries

```text
# Find Bitcoin mainnet nodes
port:8333 bitcoin

# Find nodes with specific user agent
User-Agent: /Satoshi

# Combine for more specific results
port:8333 "Satoshi"
```

#### Advanced Queries

```text
# Find specific Bitcoin Core versions
port:8333 "Satoshi:0.19.1/"

# Find nodes in specific countries
port:8333 country:US

# Find nodes with specific software
port:8333 "Satoshi:24.0/"
```
## Example Workflow

### Step 1: Identify Bitcoin Nodes

```bash
# Scan for Bitcoin ports
nmap -p 8333,18333,38333,18444 <target-ip>
```

### Step 2: Enumerate Node Information

```bash
# Get detailed node info
sudo nmap -p 8333 --script bitcoin-info <target-ip>
```

### Step 3: Map Network Topology

```bash
# Get peer list to understand network connections
sudo nmap -p 8333 --script bitcoin-getaddr <target-ip>
```

### Step 4: Document Findings
Record:
- Node version and software
- Network type (mainnet/testnet/signet/regtest)
- Last block height (indicates sync status)
- Known peers (for network mapping)
- Any unusual configurations
## Important Notes

- **Permission Required:** Always ensure you have authorization before scanning Bitcoin nodes
- **Network Impact:** Enumeration queries are lightweight, but they still place a small load on the node
- **Version Detection:** User agent strings reveal Bitcoin Core versions, which may have known vulnerabilities
- **Network Mapping:** bitcoin-getaddr can reveal other nodes in the network
- **Test Networks:** Testnet (18333) and signet (38333) are safe for testing; mainnet (8333) should only be scanned with permission
## Common Use Cases

- **Security Assessment:** Identify outdated Bitcoin Core versions with known vulnerabilities
- **Network Discovery:** Map Bitcoin node infrastructure in a target environment
- **Compliance Audit:** Verify Bitcoin node configurations meet security requirements
- **Research:** Study Bitcoin network topology and node distribution
## Output Format

When documenting Bitcoin node enumeration results, use this structure:

```markdown
## Bitcoin Node Assessment

### Target: <IP/Hostname>

**Port:** 8333 (mainnet)
**Status:** Open

### Node Information

- **Version:** <Bitcoin Core version>
- **Network:** <mainnet/testnet/signet/regtest>
- **Node ID:** <hex identifier>
- **Last Block:** <block height>
- **User Agent:** <full user agent string>

### Known Peers

- <peer IP>:8333
- <peer IP>:8333
- ...

### Security Observations

- <any relevant findings>
```
## Related Skills
- Network enumeration skills for other cryptocurrency protocols
- Nmap scripting for service enumeration
- Shodan reconnaissance techniques