Skip to main content
 首页 » 网络收集

Havij 1.17 Pro破解版

2014年12月27日 18:04:25107170百度已收录

Havij是一款自动化的SQL注入工具,它能够帮助渗透测试人员发现和利用Web应用程序的SQL注入漏洞。此次是Havij Pro v1.17破解版。



1. 安装Havij 1.17

2. 从”Loader”文件夹内拷贝 “Loader.exe” 文件至安装目录

3. 以管理员权限运行”Loader.exe”

4. 点击”Register”


• Dump all

• New bypass technique for MySQL exploitation parenthesis

• Write file feature additional for MSSQL and MySQL.

• Loading HTML type inputs

• Random signature generator

• Saving information in CSV format

• Advanced evasion tab within the settings

• Injection tab in settings

• \’Non-existent injection worth\’ will currently be modified by user (the default value is 999999.9)

• \’Comment mark\’ is modified by user (the default worth is –)

• Disabling/enabling of work

• Bugfix: adding manual information in tables tree read

• Bugfix: finding string columns in PostgreSQL

• Bugfix: MS Access blind string kind information extraction

• Bugfix: MSSQL blind motorcar detection once error-based technique fails

• Bugfix: all information blind strategies fail on rehear

• Bugfix: idea columns/tables in MySQL time-based injection

• Bugfix: blinking once merchandising into file

• Bugfix: loading project injection kind (Integer or String)

• Bugfix: HTTPS multi-threading bug

• Bugfix: command execution in MSSQL 2005


1. Supported Databases with injection methods:

MSSQL 2000/2005 with error

MSSQL 2000/2005 no-error union-based

MSSQL blind

MSSQL time-based

MySQL union-based

MySQL blind

MySQL error-based

MySQL time-based

Oracle union-based

Oracle error-based

Oracle blind

PostgreSQL union-based

MS Access union-based

MS Access blind

Sybase (ASE)

Sybase (ASE) Blind

2. HTTPS support

3. Multi-threading

4. Proxy support

5. Automatic information server detection

6. Automatic parameter kind detection (string or integer)

7. Automatic keyword detection (finding the distinction between positive and negative responses)

8. Automatic scan of all parameters.

9. attempting completely different injection syntaxes

10. choices for substitution house by /**/,+,… against IDS or filters

11. Avoids exploitation strings (bypassing magic_quotes and similar filters)

12. Manual injection syntax support

13. Manual queries with result

14. Forcing extrajudicial union

15. Random signature generator

16. totally customizable protocol headers (like referer, user agent…)

17. Loading cookie(s) from web site for authentication

18. Load HTML type inputs

19. protocol Basic and Digest authentication

20. Injecting uniform resource locator rewrite pages

21. Bypassing ModSecurity internet application firewall and similar firewalls

22. Bypassing WebKnight internet application firewall and similar firewalls

23. Instant result

24. idea tables and columns in MySQL<5 (also in blind) and MS Access

25. fast retrieval of tables and columns for MySQL

26. Resuming a antecedently saved table/column extraction session

27. death penalty SQL question against associate Oracle information

28. Custom keyword replacement in injections

29. obtaining one complete row through one request (all in one request)

30. merchandising information into file

31. Saving information as XML

32. Saving information as CSV format

33. facultative xp_cmdshell and remote desktop

34. Multiple table/column extraction strategies

35. Multi-threaded Admin page finder

36. Multi-threaded on-line MD5 cracker

37. obtaining software package data

38. obtaining tables, columns and information

39. Command execution (MSSQL only)

40. Reading remote system files (MySQL only)

41. Creating/writing to a foreign file (MySQL and MsSQL)

42. Insert/update/delete information

43. Unicode support