Mole is an automatic SQL Injection exploitation tool. Only by providing a vulnerable URL and a valid string on the site it can detect the injection and exploit it, either by using the union technique or a boolean query based technique. The Mole uses a command based interface, allowing the user to indicate the action he wants to perform easily. The CLI also provides auto-completion on both commands and command arguments, making the user type as less as possible.

Features

  • Support for Mysql, Postgres, SQL Server and Oracle.
  • Automatic SQL injection exploitation using union technique.
  • Automatic blind SQL injection exploitation.
  • Exploits SQL Injections in GET/POST/Cookie parameters.
  • Support for filters, in order to bypass certain IPS/IDS rules using generic filters, and the possibility of creating new ones easily.
  • Exploits SQL Injections that return binary data.
  • Powerful command interpreter to simplify its usage.

Project Samples

Project Activity

See All Activity >

Categories

Database, Security

License

GNU General Public License version 3.0 (GPLv3)

Follow Mole

Mole Web Site

Other Useful Business Software
Automated quote and proposal software for IT solution providers. | ConnectWise CPQ Icon
Automated quote and proposal software for IT solution providers. | ConnectWise CPQ

Create IT quote templates, automate workflows, add integrations & price catalogs to save time & reduce errors on manual data entry & updates.

ConnectWise CPQ, formerly ConnectWise Sell, is a professional quote and proposal automation software for IT solution providers. ConnectWise CPQ offers a wide range of tools that enables IT solution providers to save time, quote more, and win big. Top features include professional quote or proposal templates, product catalog and sourcing, workflow automation, sales reporting, and integrations with best-in-breed solutions like Cisco, Dell, HP, and Salesforce.
Rate This Project
Login To Rate This Project

User Ratings

★★★★★
★★★★
★★★
★★
11
0
0
1
0
ease 1 of 5 2 of 5 3 of 5 4 of 5 5 of 5 2 / 5
features 1 of 5 2 of 5 3 of 5 4 of 5 5 of 5 3 / 5
design 1 of 5 2 of 5 3 of 5 4 of 5 5 of 5 2 / 5
support 1 of 5 2 of 5 3 of 5 4 of 5 5 of 5 3 / 5

User Reviews

  • Design could be better. Documentation about how to start and correct use the needle is missing. Also describing a little how the code/algo it working should will be really helpful in understanding and troubleshooting. Just started debugging this in Wing IDE to get it somehow passing the separator detecting stage and clear up the correct use of that 'needle' thing. Code is nice but design/logic could be improved. I mean for ex. -> DomAnalyser.is_valid() compares the whole respond data to say Yes or No will f***ing fails if there is some kind of timestamp/hash or thing that changes on reach responds. -> Or the testing with AND like this ...id=9 ' AND 1=1 with OR like this: ...id= ' OR 1=1 it'll be much more clear & simple. That are just 'peaks' of the whole thing here, but what i've seen so far so not very convincing so i'm still more favor for SQLMAP.
  • Thanks for Themole, it's great!
    1 user found this review helpful.
  • Impressible project - more powerful than most commercial solutions. Incredible powerful and flexible. Saved me countless hours.
    2 users found this review helpful.
  • Good and useful software
  • Really nice soft.
Read more reviews >

Additional Project Details

Intended Audience

Security

User Interface

Command-line

Programming Language

Python

Related Categories

Python Database Software, Python Security Software

Registered

2011-09-29