Mole is an automatic SQL injection exploitation tool. Given only a vulnerable URL and a valid string on the site, it can detect the injection and exploit it, using either the union technique or a boolean query based technique. The Mole uses a command-based interface that lets the user easily indicate the action to perform. The CLI also provides auto-completion for both commands and command arguments, so the user types as little as possible.
Features
- Support for MySQL, Postgres, SQL Server and Oracle.
- Automatic SQL injection exploitation using union technique.
- Automatic blind SQL injection exploitation.
- Exploits SQL Injections in GET/POST/Cookie parameters.
- Support for filters, in order to bypass certain IPS/IDS rules using generic filters, and the possibility of creating new ones easily.
- Exploits SQL Injections that return binary data.
- Powerful command interpreter to simplify its usage.
License
GNU General Public License version 3.0 (GPLv3)
User Reviews
- Design could be better. Documentation about how to start and correctly use the needle is missing. Also, describing a little how the code/algo is working would be really helpful in understanding and troubleshooting. Just started debugging this in Wing IDE to get it somehow passing the separator detecting stage and clear up the correct use of that 'needle' thing. Code is nice but design/logic could be improved. I mean, for ex. -> DomAnalyser.is_valid() compares the whole response data to say Yes or No, which will f***ing fail if there is some kind of timestamp/hash or thing that changes on each response. -> Or the testing with AND like this ...id=9 ' AND 1=1 with OR like this: ...id= ' OR 1=1 it'll be much more clear & simple. Those are just 'peaks' of the whole thing here, but what I've seen so far is not very convincing, so I'm still more in favor of SQLMAP.
- Thanks for Themole, it's great!
- Impressive project - more powerful than most commercial solutions. Incredibly powerful and flexible. Saved me countless hours.
- Good and useful software
- Really nice soft.