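This localization is of version 1.10. I think basically all of the commonly used parts have been translated, and I have enriched the built-in lists of tables, columns and admin tables to better suit the Chinese network environment. The buttons are not translated, but that should be no problem for you experts, right?!
While I'm at it, here is my impression of this tool: personally I think it is aimed at PHP. Under ASP it has never listed any tables for me, so there it can only be used to gather site information and crack MD5; under PHP it is quite powerful, and it can even edit data directly....
Usage: just replace the original files. (You can also download and use it directly without replacing anything; I have made it a portable version.)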
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
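Havij is an automated SQL injection tool that helps penetration testers find and exploit SQL injection vulnerabilities in web applications. Havij can not only automatically discover exploitable SQL queries, but also identify the back-end database type, retrieve database usernames and password hashes, dump tables and columns, extract data from the database, and even access the underlying file system and execute system commands, provided of course that there is an exploitable SQL injection vulnerability. Havij supports a wide range of database systems, such as MsSQL, MySQL, MSAccess and Oracle. Havij supports configurable parameters to evade IDS, proxies, and admin login page scanning.
Tool features:
Supported databases and methods: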
MsSQL 2000/2005 with error
MsSQL 2000/2005 no error (union based)
MySQL (union based)
MySQL Blind
MySQL error based
Oracle (union based)
MsAccess (union based)
1. Automatic database detection
2. Automatic type detection (string or integer)
3. Automatic keyword detection (finding the difference between the positive and negative response)
4. Trying different injection syntaxes
5. Proxy support
6. Real-time results
7. Options for replacing space by /**/,+,... against IDS or filters
8. Avoid using strings (magic_quotes and similar filters bypass)
9. Bypassing illegal union
10. Fully customizable HTTP headers (like referer and user agent)
11. Load cookie from site for authentication
12. Guessing tables and columns in MySQL<5 (also in blind) and MsAccess
13. Fast getting of tables and columns for MySQL
14. Multi-threaded admin page finder
15. Multi-threaded online MD5 cracker
16. Getting DBMS information
17. Getting tables, columns and data
18. Command execution (MsSQL only)
19. Reading system files (MySQL only)
20. Insert/update/delete data
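From the defender's side, item 7 (space replaced by /**/ or +) means a signature has to be matched after normalization, not against the raw request. The following is an added example, not part of the original page or of the tool: the log format, function names and sample lines are constructed for illustration.

```python
import re
from urllib.parse import unquote_plus

# Inline /* ... */ comments act as whitespace in SQL; fold them into a space.
_COMMENT = re.compile(r"/\*.*?\*/", re.S)
_WS = re.compile(r"\s+")
# Signature is evaluated only on the normalized query string.
_UNION = re.compile(r"\bunion\s+(?:all\s+)?select\b", re.I)
_REQUEST = re.compile(r'"(?:GET|POST) \S*?\?(\S*) HTTP')

def normalize(query: str) -> str:
    """Decode a raw query string and fold whitespace substitutes into spaces."""
    cur = query
    # Decode a bounded number of times so double-encoded input is also seen.
    for _ in range(3):
        prev, cur = cur, unquote_plus(cur)
        if cur == prev:
            break
    cur = _COMMENT.sub(" ", cur)
    return _WS.sub(" ", cur).strip()

def is_suspicious(query: str) -> bool:
    """True if the normalized query contains a UNION [ALL] SELECT sequence."""
    return bool(_UNION.search(normalize(query)))

def scan(lines):
    """Return (line_number, normalized_query) for each flagged log line."""
    hits = []
    for n, line in enumerate(lines, 1):
        m = _REQUEST.search(line)
        if m and is_suspicious(m.group(1)):
            hits.append((n, normalize(m.group(1))))
    return hits

# Constructed access-log lines (documentation IP range, hypothetical paths).
SAMPLE = [
    '203.0.113.5 - - [01/Jan/2024:10:00:00 +0000] "GET /news.php?id=7 HTTP/1.1" 200 512',
    '203.0.113.5 - - [01/Jan/2024:10:00:01 +0000] "GET /news.php?id=7/**/UNION/**/SELECT/**/1,2 HTTP/1.1" 200 530',
    '203.0.113.5 - - [01/Jan/2024:10:00:02 +0000] "GET /news.php?id=7+union+all+select+1,2 HTTP/1.1" 200 530',
    '203.0.113.5 - - [01/Jan/2024:10:00:03 +0000] "GET /news.php?id=7%2f%2a%2a%2funion%2f%2a%2a%2fselect%2f%2a%2a%2f1 HTTP/1.1" 200 530',
    '203.0.113.9 - - [01/Jan/2024:10:00:04 +0000] "GET /search.php?q=trade+union+members HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for n, q in scan(SAMPLE):
        print(f"line {n}: {q}")
```

A signature like this only narrows what to look at in logs; the fix for the underlying flaw is parameterized queries in the application.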
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Havij is an automated SQL injection tool that helps penetration testers find and exploit SQL injection vulnerabilities on a web page. It can take advantage of a vulnerable web application. Using this software, a user can perform back-end database fingerprinting, retrieve DBMS users and password hashes, dump tables and columns, fetch data from the database, run SQL statements and even access the underlying file system and execute commands on the operating system. Of course, most of that is possible only after a successful exploit. It also supports a wide array of databases: MsSQL, MySQL, MSAccess and Oracle. You can choose to evade IDS detection using the tool's simple pre-configured tricks, and you can try to brute-force the location of the admin directory. It supports proxies too.