Mole is an automatic SQL injection exploitation tool. Given only a vulnerable URL and a valid string on the site, it can detect the injection and exploit it, using either the union technique or a boolean query-based technique. The Mole uses a command-based interface, allowing the user to easily indicate the action he wants to perform. The CLI also provides auto-completion on both commands and command arguments, so the user types as little as possible.


  • Support for MySQL, Postgres, SQL Server and Oracle.
  • Automatic SQL injection exploitation using union technique.
  • Automatic blind SQL injection exploitation.
  • Exploits SQL Injections in GET/POST/Cookie parameters.
  • Support for filters, in order to bypass certain IPS/IDS rules using generic filters, and the possibility of creating new ones easily.
  • Exploits SQL Injections that return binary data.
  • Powerful command interpreter to simplify its usage.


Database, Security


User Ratings

  • ease: 2 / 5
  • features: 3 / 5
  • design: 2 / 5
  • support: 3 / 5

User Reviews

  • Design could be better. Documentation about how to start and correctly use the needle is missing. Also, describing a little how the code/algo is working would be really helpful in understanding and troubleshooting. Just started debugging this in Wing IDE to get it somehow passing the separator detecting stage and clear up the correct use of that 'needle' thing. Code is nice but design/logic could be improved. I mean for ex. -> DomAnalyser.is_valid() compares the whole response data to say Yes or No, which will fucking fail if there is some kind of timestamp/hash or thing that changes on each response. -> Or the testing with AND like this ' AND 1=1 with OR like this: ' OR 1=1 it'll be much more clear & simple. Those are just 'peaks' of the whole thing here, but what I've seen so far is not very convincing, so I'm still more in favor of SQLMAP.

  • Thanks for Themole, it's great!

    1 user found this review helpful.
  • Impressive project - more powerful than most commercial solutions. Incredibly powerful and flexible. Saved me countless hours.

    2 users found this review helpful.
  • Great stuff, I hope that becoming part of Mole will help to make it even better in the future!

    2 users found this review helpful.
  • Good and useful software
