Friday, December 2, 2011

The Mole - New SQL injection tool+tutorial

The Mole is an automatic SQL Injection exploitation tool. Only by providing a vulnerable URL and a valid string on the site it can detect the injection and exploit it, either by using the union technique or a boolean query based technique.


Support for injections using Mysql, SQL Server, Postgres and Oracle databases.

Command line interface. Different commands trigger different actions.

Auto-completion for commands, command arguments and database, table and columns names.

Support for query filters, in order to bypass certain IPS/IDS rules using generic filters, and the possibility of creating new ones easily.

Developed in python 3.

Download tutorial

Download Mole for Winodws

Download Mole for Linux


  1. I don't understand why when I run this program it is opened in CMD, but when i see a screenshot of the program like in the tut. it is in a own box with a tool-line with featues like "File" etc.

    How do I get that.

    In the vid where an anon uses the #refref he also has some kind of similar GUI.

  2. Want to prove me with some URL's / websites that you know have SQL vulnerabilities?

  3. @prayanthem : you can check my previous posts on sql injection vulnerable can also check my post on sql injection with Havij in which I have demonstrated the use of tool on a vulnerable website.

  4. I ment provide* lol :D

    Anyways, I can't find any sites with vulnerabilities with the ' behind the URL, any other way, I didn't quite understand all you wrote on the other posts.

  5. There is complete list of finding SQL vulnerabilities in website...visit this link... ...
    Apart from this and using tool, there is no other way to figure out if a site is vulnerable to sqli or not... I do have some websites vulnerable to sqli but I cant share it in public here...You can find a tutorial on my blog about vulnerability in celebrity websites. On of them is vulnerable to sqli...its upto you to find now.

  6. I am not a programmer but I have this SQL subject this session and have to prepare for it. What all topics should be covered in it?
    And has anyone studied from this course of SQL tutorial online?? or tell me any other guidance...
    would really appreciate help

  7. Fantastic article ! You havemade some very astute statements and I appreciate the the effort you have put into your writing. Its clear that you know what you are writing about. I am excited to read more of your sites content.

  8. .you must got a real facebook hacker hear


    do u wand a real facebook hacker pls click hear

    hack your friend fb account software free download