Mole

Automatic SQL Injection Exploitation Tool

Brought to you by: mfontanini, san-lt-ss

12 Reviews

Downloads: 5 This Week

Last Update: 2016-11-28

Download

Get an email when there's a new version of Mole

Windows Mac Linux BSD ChromeOS

Mole is an automatic SQL Injection exploitation tool. Only by providing a vulnerable URL and a valid string on the site it can detect the injection and exploit it, either by using the union technique or a boolean query based technique. The Mole uses a command based interface, allowing the user to indicate the action he wants to perform easily. The CLI also provides auto-completion on both commands and command arguments, making the user type as less as possible.

Features

Support for Mysql, Postgres, SQL Server and Oracle.
Automatic SQL injection exploitation using union technique.
Automatic blind SQL injection exploitation.
Exploits SQL Injections in GET/POST/Cookie parameters.
Support for filters, in order to bypass certain IPS/IDS rules using generic filters, and the possibility of creating new ones easily.
Exploits SQL Injections that return binary data.
Powerful command interpreter to simplify its usage.

Project Samples

Project Activity

See All Activity >

License

GNU General Public License version 3.0 (GPLv3)

Follow Mole

Mole Web Site

Other Useful Business Software

Intelligent testing agents | Checksum.ai

Checksum generates, runs, and maintains end-to-end tests automatically so your team ships with confidence as code output grows.

Coding agents write the code. Checksum runs it—continuously testing against real APIs, real data, real edge cases—before it ever reaches production.

Learn More

Rate This Project

User Ratings

4.8 out of 5 stars

★★★★★

★★★★

★★★

★★

★

ease 1 of 5 2 of 5 3 of 5 4 of 5 5 of 5 2 / 5

features 1 of 5 2 of 5 3 of 5 4 of 5 5 of 5 3 / 5

design 1 of 5 2 of 5 3 of 5 4 of 5 5 of 5 2 / 5

support 1 of 5 2 of 5 3 of 5 4 of 5 5 of 5 3 / 5

User Reviews

Filter Reviews:

All

djamana Posted 2016-01-11

Design could be better. Documentation about how to start and correct use the needle is missing. Also describing a little how the code/algo it working should will be really helpful in understanding and troubleshooting. Just started debugging this in Wing IDE to get it somehow passing the separator detecting stage and clear up the correct use of that 'needle' thing. Code is nice but design/logic could be improved. I mean for ex. -> DomAnalyser.is_valid() compares the whole respond data to say Yes or No will f***ing fails if there is some kind of timestamp/hash or thing that changes on reach responds. -> Or the testing with AND like this ...id=9 ' AND 1=1 with OR like this: ...id= ' OR 1=1 it'll be much more clear & simple. That are just 'peaks' of the whole thing here, but what i've seen so far so not very convincing so i'm still more favor for SQLMAP.
lisakane Posted 2013-06-06

Thanks for Themole, it's great!

1 user found this review helpful.
bestgamestoday Posted 2013-05-14

Impressible project - more powerful than most commercial solutions. Incredible powerful and flexible. Saved me countless hours.

2 users found this review helpful.
a11922256 Posted 2012-12-18

Good and useful software
mcranjne Posted 2012-08-09

Really nice soft.

Additional Project Details

Intended Audience

Security

User Interface

Command-line

Programming Language

Python

Related Categories

Python Database Software, Python Security Software

Registered

2011-09-29

Similar Business Software

ManageEngine Endpoint Central

ManageEngine Endpoint Central is built to secure the digital workplace while also giving IT teams complete control over their enterprise endpoints. It delivers a security-first approach by combining advanced endpoint protection with comprehensive management, allowing IT teams to manage the...

See Software
Google Cloud BigQuery

BigQuery is a serverless, multicloud data warehouse that simplifies the process of working with all types of data so you can focus on getting valuable business insights quickly. At the core of Google’s data cloud, BigQuery allows you to simplify data integration, cost effectively and securely...

See Software
Criminal IP

Criminal IP is a cyber threat intelligence solution that provides decision-ready threat intelligence, and attack surface management solutions to security teams worldwide. By continuously scanning the global internet, Criminal IP aggregates and contextualizes threat signals across IPs, domains,...

See Software
DbVisualizer

DbVisualizer is a universal database client for anyone who works with data, from solo developers and startups to professional teams managing complex environments, including developers, DBAs, analysts, and data engineers working with relational and NoSQL databases. It offers a graphical interface...

See Software
ManageEngine ADAudit Plus

ADAudit Plus helps keep your Windows Server ecosystem secure and compliant by providing full visibility into all activities. ADAudit Plus provides a clear picture of all changes made to your AD resources including AD objects and their attributes, group policy, and more. AD auditing helps detect...

See Software
New Relic

There are an estimated 25 million engineers in the world across dozens of distinct functions. As every company becomes a software company, engineers are using New Relic to gather real-time insights and trending data about the performance of their software so they can be more resilient and...

See Software

Report inappropriate content

Intelligent testing agents | Checksum.ai

Checksum generates, runs, and maintains end-to-end tests automatically so your team ships with confidence as code output grows.

Coding agents write the code. Checksum runs it—continuously testing against real APIs, real data, real edge cases—before it ever reaches production.

Learn More

Recommended Projects

Tyrant SQL
Tyrant SQL is a Havij based cross-platform. It's Sqlmap's gui version.
sqliv
Massive SQL injection vulnerability scanner for automated web testing
Metasploit Framework
Metasploit Framework
sqlmap
Automatic SQL injection and database takeover tool
Slonik
A Node.js PostgreSQL client with runtime and build time type safety