havij is an automated tool forSQL injection which allows penetration testers to find and identify SQL vulnerabilities on a website. It is developed by ITSecTeam, an Iranian security company.
Havij was released in 2010 and since its release several other SQL injection tools (such as sqlmap) have been introduced. However, Havij is still active and commonly used by penetration testers.
What can we do with Havij?
Using this software, a user can recover a database's users, passwords, tables and columns, and even run linux commands remotely on the operating system of the hosting server.
The power of havij What makes it different from other IT security auditing tools are its injection methods. The success rate of a SQL injection is greater than 95%.
How to detect an SQL flaw with Havij?
To use this tool, you must first learn how SQL injection works.
- To get started, download the havij tool then launch the installation.
- After launching the tool, a window appears like the image below:
Havij SQL injection software interface - Then in Target, put the address of your target (having an SQL flaw) example:
- Then click Analyze.
- Wait until the Status returns I'm IDLE.
- Then you can retrieve all the tables from the site database by clicking on Tables and get tables.
And to better understand the usefulness of havij, I present to you a very useful video that I found on YouTube.