Support for injections using Mysql, SQL Server, Postgres and Oracle databases.
Command line interface. Different commands trigger different actions.
Auto-completion for commands, command arguments and database, table and columns names.
Support for filters, in order to bypass certain IPS/IDS rules using generic filters, and the possibility of creating new ones easily.
Exploits SQL Injections through GET/POST/Cookie parameters.
Developed in python 3.
Exploits SQL Injections that return binary data.
- Powerful command interpreter to simplify its usage.
Current Release: v0.3 (2012-03-02)
Windows 32bit executable: themole-0.3-win32.zip
Tarball-gzipped format: themole-0.3-lin-src.tar.gz
- Zip format: themole-0.3-win-src.zip
Current Bug-Free version
Even though we want to keep the release up-to-date, it is impossible to make one for every single patch we have applied to the current version to fix a bug. We strongly recommend using the bugfix branch from our repository. To get it, execute:
git clone -b bugfix git://git.code.sf.net/p/themole/code themole-code
In order to put it up to date, before using it, update it by executing:
git pull origin bugfix
* Enabled injection through cookie paramters.
* New filtering mechanism enabling better manipulation and easier filter development.
* Added several of those filters.
* SQL Injections that return binary data are now exploitable.
* DMBS credentials listing.