Fray — WAF Bypass & Security Testing Toolkit

🌐 Language: English | 日本語

⚔️ Open-source WAF bypass toolkit — recon, scan, bypass, harden. Zero dependencies.

FOR AUTHORIZED SECURITY TESTING ONLY — Only test systems you own or have explicit written permission to test.

Fray is the missing link between wafw00f (detection) and sqlmap (exploitation) — a complete recon → bypass → harden pipeline in one pip install.

---

How Fray Compares

	Fray	Nuclei	XSStrike	wafw00f	sqlmap
WAF bypass engine	✅ AI + mutation	❌	Partial	❌	Tamper scripts
WAF detection	25 vendors + mode	Via templates	Basic	150+ vendors	Basic
Recon pipeline	27 checks	Separate tools	Crawl only	❌	❌
Payload database	4,000+ built-in	Community templates	XSS only	❌	SQLi only
OWASP hardening	✅ A-F grade	❌	❌	❌	❌
MCP / AI agent	14 tools	❌	❌	❌	❌
Zero dependencies	✅ stdlib only	Go binary	pip	pip	pip

Most payload collections are static text files. Fray is a complete detect → recon → scan → bypass → harden workflow in one pip install.

---

Quick Start

pip install fray                # PyPI (all platforms)
sudo apt install fray            # Kali Linux / Debian
brew install fray                # macOS

fray auto https://example.com          # Full pipeline: recon → scan → bypass
fray scan https://example.com          # Auto crawl → inject → detect reflection
fray recon https://example.com         # 27-check reconnaissance

If Fray helped your recon workflow, please ⭐ star the repo — it helps others find it.

---

What Fray Does

Command	What it does
fray auto	Full pipeline: recon → scan → ai-bypass in one command
fray scan	Crawl → discover params → inject payloads → detect reflection
fray recon	27 checks: TLS, DNS, subdomains, CORS, params, JS, API, admin panels, WAF intel
fray ai-bypass	Probe WAF → LLM generates payloads → test → mutate → header tricks
fray bypass	5-phase WAF evasion scorer with mutation feedback loop
fray harden	Security headers (A-F grade) + OWASP Top 10 misconfig checks + fix snippets
fray detect	Fingerprint 25 WAF vendors (signature / anomaly / hybrid)
fray test	4,000+ payloads across 23 categories with adaptive throttling
fray graph	Visual attack surface tree

Built-in options: --scope (scope enforcement) · --stealth (randomized UA, jitter) · -w 4 (concurrent) · --cookie / --bearer (auth) · --sarif (GitHub Security tab) · --json · --ai (LLM output)

Scan guide → · Recon guide → · Auth guide → · CI/CD guide →

---

VS Code Extension

Run Fray directly from your editor — scan, test, bypass, detect, and harden without leaving VS Code.

Cmd+Shift+P → "Fray: Run Command..."

• 11 commands — Scan, Test, Bypass, Detect, Harden, Recon, OSINT, Leak Search, and more
• Right-click scan — Select a URL in any file → context menu → scan
• HTML report — Rich in-editor report with stat cards and bypass tables (Cmd+Shift+R)
• Inline diagnostics — Bypass findings appear as warnings/errors in the editor
• Activity bar sidebar — Browse results and scan history
• Status bar — Live scan progress indicator

Extension README →

---

MCP Server — AI Agent Integration

Fray exposes 14 tools via the Model Context Protocol (MCP) — use Fray as an AI security agent from Claude Desktop, Claude Code, ChatGPT, Cursor, or any MCP-compatible client.

pip install 'fray[mcp]'

Add to ~/Library/Application Support/Claude/claude_desktop_config.json:

{
  "mcpServers": {
    "fray": {
      "command": "python",
      "args": ["-m", "fray.mcp_server"]
    }
  }
}

Ask: "What XSS payloads bypass Cloudflare?" → Fray's 14 MCP tools are called directly.

Claude Code guide → · ChatGPT guide → · mcp.json →

Tool	What it does
suggest_payloads_for_waf	Best bypass payloads for a specific WAF
generate_bypass_strategy	Mutation strategies for blocked payloads
search_payloads	Full-text search across 4,000+ payloads
analyze_response	False negative detection: soft blocks, challenges
hardening_check	Security headers audit with grade + rate-limit check

See all 14 MCP tools →

---

4,000+ Payloads · 23 Categories · 175 CVEs

The largest open-source WAF payload database — curated for real-world penetration testing and bug bounty hunting.

Category	Count	Category	Count
XSS (Cross-Site Scripting)	1,209	SSRF	122
SQL Injection	248	SSTI	122
Command Injection (RCE)	200	XXE	84
AI/LLM Prompt Injection	370	Path Traversal (LFI/RFI)	109
Modern Bypasses	137	CSP Bypass	104
API Security	130	Prototype Pollution	110

Payload database → · CVE coverage →

---

Advanced Usage

fray graph example.com --deep       # Visual attack surface tree (27 checks)
fray ai-bypass target.com -c xss    # AI-assisted adaptive bypass (LLM or local)
fray harden target.com              # OWASP hardening audit (A-F grade + fix snippets)
fray explain log4shell              # CVE intelligence with payloads
fray diff before.json after.json    # Regression testing (exit 1 on bypass)
fray report results.json --html     # Client-ready HTML report

WAF detection guide → · All documentation (30 guides) →

---

Contributing

See CONTRIBUTING.md. For AI coding agents, see AGENTS.md.

Questions? Open a Discussion or browse the docs.

Legal

MIT License — See LICENSE. Only test systems you own or have explicit authorization to test.

Security issues: soc@dalisec.io · SECURITY.md

---

📖 Docs · Roadmap · PyPI · Issues · Discussions

Related Projects

• wafw00f — WAF fingerprinting and detection (150+ vendors)
• WhatWaf — WAF detection and bypass tool
• XSStrike — Advanced XSS scanner with WAF evasion
• sqlmap — SQL injection detection and exploitation
• Nuclei — Template-based vulnerability scanner
• PayloadsAllTheThings — Web security payloads and bypasses
• SecLists — Security assessment wordlists
• Awesome WAF — Curated list of WAF tools and bypasses