The Mole is an automatic SQL injection exploitation tool. Given only a vulnerable URL and a valid string on the site, it can detect the injection and exploit it, using either the union technique or a boolean-query-based technique.

Features of The Mole
Support for injections using MySQL, SQL Server, Postgres and Oracle databases.
Command line interface. Different commands trigger different actions.
Auto-completion for commands, command arguments, and database, table and column names.
Support for query filters, in order to bypass certain IPS/IDS rules using generic filters, and the possibility of creating new ones easily.
Exploits SQL Injections through GET and POST methods.
Developed in Python 3.
Python 3 and lxml are required. The Mole is OS independent.
Some examples of using The Mole
./mole.py -u 'http://192.168.0.142/vulnerable/sqli.php?id=1' -n 'admin'
mole.exe -u http://192.168.0.142/vulnerable/sqli.php?param=1^&id=1 -n "admin"
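
Seen from the defending side, the "valid string on the site" ('admin' in the commands above) only works as a signal when the page's content tracks a boolean condition appended to the parameter. The sketch below is an added example, not code from The Mole or from the original post; the table, the function names and the use of an in-memory sqlite3 database in place of the server databases listed above are all assumptions made for illustration.

```python
import sqlite3

def make_db():
    # Constructed sample data; sqlite3 stands in for a server database.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)")
    db.execute("INSERT INTO users VALUES (1, 'admin')")
    return db

def render_vulnerable(db, id_param):
    # Weak form: the request parameter is concatenated into the SQL text,
    # so any SQL it contains is parsed as part of the statement.
    rows = db.execute("SELECT name FROM users WHERE id = " + id_param).fetchall()
    return "Hello " + rows[0][0] if rows else "No such user"

def render_parameterized(db, id_param):
    # Hardened form: validate the type, then bind the value, so the
    # parameter is only ever treated as data.
    if not id_param.isdecimal():
        return "Bad request"
    rows = db.execute("SELECT name FROM users WHERE id = ?",
                      (int(id_param),)).fetchall()
    return "Hello " + rows[0][0] if rows else "No such user"

def needle_oracle(render, db, needle="admin"):
    # True when the needle's presence follows an appended boolean condition,
    # which is the signal a boolean-based technique depends on.
    on_true = needle in render(db, "1 AND 1=1")
    on_false = needle in render(db, "1 AND 1=0")
    return on_true and not on_false

if __name__ == "__main__":
    db = make_db()
    print("vulnerable exposes oracle:   ", needle_oracle(render_vulnerable, db))
    print("parameterized exposes oracle:", needle_oracle(render_parameterized, db))
```

Running the same check against a staging copy of an endpoint before and after a fix is a quick regression test that the parameter no longer reaches the SQL parser.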
Download The Mole:
The Mole – http://themole.sourceforge.net/?q=downloads