Jump to content
TheHotfix.net is closing! Read more... ×
Sign in to follow this  

Havij v1.1 Advanced SQL Injection

Recommended Posts

Hello, this is not mine, just sharing. A great tool for SQL Injecting. It's used for study and security purpose. Hope you all dont miss use it. I use it for scanning any vuln on my websites.

Version 1.10

Advanced SQL Injection Tool

Copyright © 2009-2010


Havij is an automated SQL Injection tool that helps penetration testers to find and exploit SQL Injection vulnerabilities on a web page.

It can take advantage of a vulnerable web application. By using this software user can perform back-end database fingerprint, retrieve DBMS users and password hashes, dump tables and columns, fetching data from the database, running SQL statements and even accessing the underlying file system and executing commands on the operating system.

The power of Havij that makes it different from similar tools is its injection methods. The success rate is more than 95% at injectiong vulnerable targets using Havij.

The user friendly GUI (Graphical User Interface) of Havij and automated settings and detections makes it easy to use for everyone even amateur users.



Supported Databases with injection methods:

  • MsSQL 2000/2005 with error
  • MsSQL 2000/2005 no error (union based)
  • MySQL (union based)
  • MySQL Blind
  • MySQL error based
  • Oracle (union based)
  • MsAccess (union based)

  • Automatic database detection
  • Automatic type detection (string or integer)
  • Automatic keyword detection (finding difference between the positive and negative response)
  • Trying different injection syntaxes
  • Proxy support
  • Real time result
  • Options for replacing space by /**/,+,... against IDS or filters
  • Avoid using strings (magic_quotes similar filters bypass)
  • Bypassing illegal union
  • Full customizable http headers (like referer and user agent)
  • Load cookie from site for authentication
  • Guessing tables and columns in mysql<5 (also in blind) and MsAccess
  • Fast getting tables and columns for mysql
  • Multi thread Admin page finder
  • Multi thread Online MD5 cracker
  • Getting DBMS Informations
  • Getting tables, columns and data
  • Command executation (mssql only)
  • Reading system files (mysql only)
  • insert/update/delete data

DOWNLOAD ( seriously there are no virus. nvt result below )

File Info

Report date: 2010-08-09 16:44:14 (GMT 1)

File name: havij-1-10-exe

File size: 1912868 bytes

MD5 Hash: e6973d7ba03112bafa47e8d91af0c31c

SHA1 Hash: 3874a49b727e3cb6334c4869a763cf02461ef009

Detection rate: 0 on 16 (0%)

Status: CLEAN


a-squared -

Avast -


Avira AntiVir -

BitDefender -

ClamAV -

Comodo -

Dr.Web -


Ikarus T3 -

Kaspersky -

NOD32 -

Panda -

TrendMicro -

VBA32 -

VirusBuster -

Scan report generated by


Edited by anazhd

Share this post

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this