Havij is an automated SQL injection tool that allows penetration testers to find and identify SQL injection vulnerabilities in a website. It is developed by ITSecTeam, an Iranian security company.
Havij was released in 2010, and since then several other SQL injection tools (such as sqlmap) have been introduced. However, Havij is still active and commonly used by penetration testers.
What can we do with Havij?
By using this software, a user can recover database users, passwords, tables and columns, and even run some Linux commands remotely on the operating system of the hosting server.
The power of Havij
What makes it different from other IT security auditing tools is its injection methods. The success rate of an SQL injection is greater than 95%.
How to detect an SQL flaw with Havij?
To use this tool, you must first learn how an SQL injection works.
- To start, download the Havij tool, then launch the installer.
- After launching the tool, a window like the image below appears:
- Then, in the Target field, enter the address of your target (a site with an SQL flaw), for example:
- Then click Analyze.
- Wait until the Status field reads "I'm IDLE".
- Then you can retrieve all the tables from the site's database by clicking Tables and then Get Tables.
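As an added example that is not part of the original page, here is the defender's side of the Analyze step above: a small Python check over constructed web server access log lines that flags requests carrying classic SQL injection markers in the query string, or a User-Agent containing "Havij" (an assumption: the page does not state the tool's User-Agent, and any tool's UA can be changed, so treat it as a hint only).

```python
import re
from urllib.parse import unquote_plus

# Constructed sample lines in Apache "combined" format (not from any real server).
SAMPLE_LOG = """\
203.0.113.5 - - [10/Oct/2023:13:55:36 +0000] "GET /news.php?id=12 HTTP/1.1" 200 5123 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Oct/2023:13:55:40 +0000] "GET /news.php?id=12%27 HTTP/1.1" 500 231 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Havij)"
203.0.113.7 - - [10/Oct/2023:13:55:41 +0000] "GET /news.php?id=12+UNION+SELECT+1,2,3 HTTP/1.1" 200 5200 "-" "Mozilla/5.0"
203.0.113.9 - - [10/Oct/2023:13:56:02 +0000] "GET /about.php HTTP/1.1" 200 1800 "-" "Mozilla/5.0"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# Generic SQL injection markers, checked after URL decoding; deliberately broad,
# so tune against your own traffic before alerting on every hit.
SQLI_RE = re.compile(
    r"(\bunion\b\s+(all\s+)?select\b|'\s*or\s+['\d]|\bsleep\s*\(|\bbenchmark\s*\(|--\s|/\*.*\*/|'$)",
    re.IGNORECASE,
)

def classify(line):
    """Return (ip, reasons) for a suspicious line, or None for a benign one."""
    m = LOG_RE.match(line)
    if not m:
        return None
    reasons = []
    # Assumption: the default User-Agent contains "Havij"; it is a hint, not proof.
    if "havij" in m["ua"].lower():
        reasons.append("ua:havij")
    query = unquote_plus(m["path"].partition("?")[2])
    if SQLI_RE.search(query):
        reasons.append("sqli-pattern")
    return (m["ip"], reasons) if reasons else None

def scan(log_text):
    """Group flagged lines by client IP so a scanner's burst of probes stands out."""
    hits = {}
    for line in log_text.splitlines():
        result = classify(line)
        if result:
            ip, reasons = result
            hits.setdefault(ip, []).extend(reasons)
    return hits

if __name__ == "__main__":
    for ip, reasons in scan(SAMPLE_LOG).items():
        print(ip, sorted(set(reasons)))
```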
And to better understand the usefulness of Havij, I present to you a very useful video that I found on YouTube.