devil

The Mole v0.3 Released - SQL Injection tool


Nasel has released a new version of its automatic SQL injection tool, The Mole. The tool needs only the vulnerable URL and a valid string, and it does the exploitation work.
This release introduces new features compared with the previous one. Among them, The Mole is now able to exploit injections through cookie parameters. A promising new feature is the ability to exploit injections that return binary data: to achieve this, The Mole uses HEAD requests and analyzes the headers received (the size of the binary to download usually differs depending on whether the query was successful), so it does not need to download the full binary data.
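For defenders, the HEAD-based technique described above leaves a recognizable pattern in web server access logs: one client sending many HEAD requests to the same path with changing query strings and no matching downloads. The following detection sketch is an added example, not code from The Mole or from the original post; the function name, thresholds and log lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Common/combined log format: ip - - [time] "METHOD target HTTP/x" status size
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) (\S+)')

def find_head_probing(lines, min_variants=5, max_other_ratio=0.2):
    """Return sorted (client, path) pairs that look like HEAD-based probing.

    A pair is flagged when one client sends HEAD requests to one path with at
    least `min_variants` distinct query strings while its non-HEAD requests to
    that path stay below `max_other_ratio` of that number. The logged size
    field is ignored because no body is sent in reply to HEAD.
    """
    head_queries = defaultdict(set)  # (ip, path) -> distinct HEAD query strings
    other_hits = defaultdict(int)    # (ip, path) -> count of non-HEAD requests
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        ip, method, target, _status, _size = m.groups()
        parts = urlsplit(target)
        key = (ip, parts.path)
        if method == "HEAD":
            head_queries[key].add(parts.query)
        else:
            other_hits[key] += 1
    flagged = []
    for key, queries in head_queries.items():
        if len(queries) >= min_variants and other_hits[key] <= max_other_ratio * len(queries):
            flagged.append(key)
    return sorted(flagged)

def _line(ip, sec, method, target):
    return f'{ip} - - [01/Jan/2024:10:00:{sec:02d} +0000] "{method} {target} HTTP/1.1" 200 -'

# Constructed sample log (documentation IP ranges, placeholder query values).
SAMPLE_LOG = []
for i in range(6):   # probing client: HEAD only, query changes on every request
    SAMPLE_LOG.append(_line("203.0.113.7", i, "HEAD", f"/download.php?id=variant{i:02d}"))
for i in range(5):   # download manager: each HEAD is followed by the real GET
    SAMPLE_LOG.append(_line("192.0.2.50", 10 + i, "HEAD", f"/download.php?id={i}"))
    SAMPLE_LOG.append(_line("192.0.2.50", 20 + i, "GET", f"/download.php?id={i}"))
for name in ("a", "b", "c"):  # link checker: one HEAD per distinct path
    SAMPLE_LOG.append(_line("198.51.100.20", 30, "HEAD", f"/docs/{name}.pdf"))

if __name__ == "__main__":
    print(find_head_probing(SAMPLE_LOG))
```

Injections carried in cookie parameters do not change the request line, so catching those with the same logic requires a log format that also records the Cookie header.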

This release also brings a major change in The Mole's architecture, which now makes it easy to insert filters in order to bypass IPS/IDS rules or modify the query at runtime. A tutorial on how to write these filters is available in the tutorial section of the tool's site.


Features:

  1. Support for injections using MySQL, SQL Server, Postgres and Oracle databases.
  2. Command line interface. Different commands trigger different actions.
  3. Auto-completion for commands, command arguments and database, table and column names.
  4. Support for filters, in order to bypass certain IPS/IDS rules using generic filters, and the possibility of creating new ones easily.
  5. Exploits SQL Injections through GET/POST/Cookie parameters.
  6. Developed in Python 3.
  7. Exploits SQL Injections that return binary data.
  8. Powerful command interpreter to simplify its usage.

