Havij is an automated SQL Injection tool that helps penetration testers to find and exploit SQL Injection vulnerabilities on a web page. It can take advantage of a vulnerable web application. By using this software, user can perform back-end database fingerprinting, retrieve DBMS login names and password hashes, dump tables and columns, fetch data from the database, execute SQL statements against the server, and even access the underlying file system and execute operating system shell commands.
The distinctive power of Havij that differentiates it from similar tools lies in its unique methods of injection. The success rate of attack on vulnerable targets using Havij is above 95%. The user friendly GUI (Graphical User Interface) of Havij and its automated configuration and heuristic detections make it easy to use for everyone even amateurs.
Key Features
Supported Databases with injection methods:
MsSQL 2000/2005 with error
MsSQL 2000/2005 no error union based
MsSQL Blind
MySQL time based
MySQL union based
MySQL Blind
MySQL error based
MySQL time based
Oracle union based
Oracle error based
PostgreSQL union based
MsAccess union based
MsAccess Blind
Sybase (ASE)
Sybase (ASE) Blind
HTTPS support
Multi-threading
Proxy support
Automatic database server detection
Automatic type detection (string or integer)
Automatic keyword detection (finding difference between the positive and negative response)
Automatic scan of all parameters.
Trying different injection syntaxes
Options for replacing space by /**/,+,… against IDS or filters
Avoids using strings (bypassing magic_quotes and similar filters)
Installation Guide
Download files from the links provided below
Extract them using winRAR,winZIP or any other tool
Run Havij 1.17 PRO.exe
Copy and paste loader.exe in the folder where havij is installed (probably it is C:\Program Files (x86)\ITSecTeam\Havij Pro)