The Mole – Automatic SQL Injection SQLi Exploitation Tool

The Mole is an automatic SQL Injection exploitation tool. Only by providing a vulnerable URL and a valid string on the site it can detect the injection and exploit it, either by using the union technique or a boolean query based technique.

Features

  • Support for injections using Mysql, SQL Server, Postgres and Oracle databases.
  • Command line interface. Different commands trigger different actions.
  • Auto-completion for commands, command arguments and database, table and columns names.
  • Support for query filters, in order to bypass certain IPS/IDS rules using generic filters, and the possibility of creating new ones easily.
  • Developed in python 3If you want to know how to use The Mole there’s a good tutorial here.You can download The Mole here:

    Windows: themole-0.2.6-win32.zip
    Linux: themole-0.2.6-lin-src.tar.gz

    Or read more here.

DDOSIM – Layer 7 DDoS Simulator

ddosim is a tool that can be used in a laboratory environment to simulate a distributed denial of service (DDOS) attack against a target server. The test will show the capacity of the server to handle application specific DDOS attacks. ddosim simulates several zombie hosts (having random IP addresses) which create full TCP connections to the target server. After completing the connection, ddosim starts the conversation with the listening application (e.g. HTTP server).

ddosim is written in C++ and runs on Linux. Its current functionalities include:

  • HTTP DDoS with valid requests
  • HTTP DDoS with invalid requests (similar to a DC++ attack)
  • SMTP DDoS
  • TCP connection flood on random port

In order to simulate such an attack in a lab environment we need to setup a network like this:

Download : ddosim-0.2.tar.gz