The Mole is an automatic SQL Injection exploitation tool. Given only a vulnerable URL and a valid string on the site, it can detect the vulnerability and exploit it, using either the union technique or a boolean query-based technique.
- Support for MySQL, Postgres, SQL Server and Oracle.
- Automatic SQL injection exploitation using union technique.
- Automatic blind SQL injection exploitation.
- Exploits SQL Injections in GET/POST/Cookie parameters.
- Support for filters, in order to bypass certain IPS/IDS rules using generic filters, and the possibility of creating new ones easily.
- Exploits SQL Injections that return binary data.
- Powerful command interpreter to simplify its usage.
How To Use The Mole
./mole.py -u 'http://192.168.0.142/vulnerable/sqli.php?id=1' -n 'admin'
For Windows Users
Windows users should be aware that when using the “-u” command line argument, each “&” character has to be escaped manually using the “^” character. Therefore, if the URL has two parameters, it should look like this:
mole.exe -u http://192.168.0.142/vulnerable/sqli.php?param=1^&id=1 -n 'admin'
You can also set the URL by using the “url” command, so you can paste the URL without quoting it. The needle can also be set using the “needle” command.