Jul 10, 2012
Basically why am I even writing this article is for system administrators and webmasters who need to test their sites vulnerabilities and after the testing they could fix it.
The Mole is an automatic SQL Injection exploitation tool. Only by providing a vulnerable URL and a valid string on the site it can detect the injection and exploit it, either by using the union technique or a boolean query based technique.
- Support for injections using Mysql, SQL Server, Postgres and Oracle databases.
- Command line interface. Different commands trigger different actions.
- Auto-completion for commands, command arguments and database, table and columns names.
- Support for filters, in order to bypass certain IPS/IDS rules using generic filters, and the possibility of creating new ones easily.
- Exploits SQL Injections through GET/POST/Cookie parameters.
- Developed in python 3.
- Exploits SQL Injections that return binary data.
- Powerful command interpreter to simplify its usage.
You can download The Mole for your operating system of choice:
Current Release: v0.3 (2012-03-02)
- Windows 32bit executable: themole-0.3-win32.zip
- Tarball-gzipped format: themole-0.3-lin-src.tar.gz
- Zip format: themole-0.3-win-src.zip
- Debian(sid)/Ubuntu(11.04+) package: themole_0.3-1_all.deb
For those who want somewhat stable releases.
Release: v0.2.6 (2011-11-25)
- Windows 32bit executable: themole-0.2.6-win32.zip
- Tarball-gzipped format: themole-0.2.6-lin-src.tar.gz
- Zip format: themole-0.2.6-win-src.zip
Release: v0.2.5 (2011-11-12)
- Windows 32bit executable: themole-0.2.5-win32.zip
- Tarball-gzipped format: themole-0.2.5-src.tar.gz
- Zip format: themole-0.2.5-src.zip
Release: v0.2 (2011-10-26)
Version 0.01a (2011-10-11)
- Tarball-gzipped format: themole-0.01a.tar.gz