The sub-techniques beta is now live! Read the release blog post for more info.


Havij is an automatic SQL Injection tool distributed by the Iranian ITSecTeam security company. Havij has been used by penetration testers and adversaries. [1]

ID: S0224
Type: TOOL
Platforms: Linux, Windows, macOS
Version: 1.0
Created: 18 April 2018
Last Modified: 17 October 2018

Techniques Used

Domain ID Name Use
Enterprise T1190 Exploit Public-Facing Application

Havij is used to automate SQL injection.[1]

Groups That Use This Software

ID Name References
G0059 Magic Hound [2]