Mole

Automatic SQL Injection Exploitation Tool

4.8 Stars (19)
408 Downloads (This Week)
Download The Mole v0.3 - GNU/Linux source
Windows Mac Linux

Description

Mole is an automatic SQL Injection exploitation tool. Given only a vulnerable URL and a valid string on the site, it can detect the injection and exploit it, using either the union technique or a boolean query-based technique. The Mole uses a command-based interface, allowing the user to easily indicate the action they want to perform. The CLI also provides auto-completion for both commands and command arguments, so the user types as little as possible.

Features

  • Support for MySQL, Postgres, SQL Server and Oracle.
  • Automatic SQL injection exploitation using union technique.
  • Automatic blind SQL injection exploitation.
  • Exploits SQL Injections in GET/POST/Cookie parameters.
  • Support for filters, in order to bypass certain IPS/IDS rules using generic filters, and the possibility of creating new ones easily.
  • Exploits SQL Injections that return binary data.
  • Powerful command interpreter to simplify its usage.

User Ratings

  • 5 stars: 18
  • 4 stars: 0
  • 3 stars: 0
  • 2 stars: 1
  • 1 star: 0

  • Ease: 2 / 5
  • Features: 3 / 5
  • Design: 2 / 5
  • Support: 3 / 5
User Reviews

  • djamana

    Design could be better. Documentation about how to start and correctly use the needle is missing. Also, describing a little how the code/algo is working would be really helpful in understanding and troubleshooting. Just started debugging this in Wing IDE to get it somehow passing the separator detecting stage and clear up the correct use of that 'needle' thing. Code is nice but design/logic could be improved. I mean, for example: -> DomAnalyser.is_valid() compares the whole response data to say Yes or No, which will fucking fail if there is some kind of timestamp/hash or thing that changes on each response. -> Or the testing with AND like this ...id=9 ' AND 1=1 with OR like this: ...id= ' OR 1=1 it'll be much more clear & simple. Those are just 'peaks' of the whole thing here, but what I've seen so far is not very convincing, so I'm still more in favor of SQLMAP.

    Posted 01/11/2016
  • lisakane

    Thanks for Themole, it's great!

    Posted 06/06/2013
  • bestgamestoday

    Impressive project - more powerful than most commercial solutions. Incredibly powerful and flexible. Saved me countless hours.

    Posted 05/14/2013
  • idealpetstuff

    Great stuff, I hope that becoming part of Mole will help to make it even better in the future!

    Posted 04/25/2013
  • dillonbutler

    No trouble to install and run, works nicely.

    Posted 02/13/2013

Additional Project Details

Intended Audience

Security

User Interface

Command-line

Programming Language

Python

Registered

2011-09-29