Recon, scan, bypass, harden — the complete offensive security pipeline in one pip install. Zero dependencies. 4,000+ payloads. 25 WAF fingerprints.
From reconnaissance to bypass to hardening — Fray covers the complete offensive security workflow.
LLM-generated payloads adapt in real-time. Probe WAF → generate → test → mutate → retry. Works with OpenAI, Anthropic, or local models.
Detect Cloudflare, Akamai, AWS WAF, Azure Front Door, Imperva, Sucuri, Barracuda, F5, and 17 more — signature, anomaly, and hybrid modes.
TLS, DNS, subdomains, CORS, parameters, JavaScript analysis, API discovery, admin panels, WAF intel — all in one command.
Encoding, case variation, null bytes, unicode normalization, comment injection, double encoding, and more — automatic per-WAF mutation.
Security headers graded A-F. OWASP Top 10 misconfig checks. Fix snippets for Nginx, Apache, Cloudflare Workers. One command.
Use Fray as an AI agent from Claude Desktop, Claude Code, ChatGPT, or Cursor. Full Model Context Protocol integration.
Crawl → discover parameters → inject payloads → detect reflection. Smart mode auto-selects the best categories per target.
Auto-discover new CVEs from NVD, CISA KEV, ExploitDB, Nuclei, and security RSS. Classify, translate to payloads, deduplicate, and add to your database.
HTML, JSON, SARIF (GitHub Security tab), Markdown, and AI-optimized output. Webhook notifications to Slack, Discord, Teams.
Python stdlib only (plus rich for output). No Selenium, no Playwright, no compiled extensions. Works everywhere Python runs.
Every command works standalone or as part of the fray auto pipeline.
| Command | What it does | When to use |
|---|---|---|
| fray auto | Full pipeline: recon → scan → ai-bypass in one command | First run against a new target |
| fray scan | Crawl → discover params → inject payloads → detect reflection | Unknown app, need to find injection points |
| fray recon | 27 checks: TLS, DNS, subdomains, CORS, params, JS, API, admin panels | Pre-engagement target profiling |
| fray detect | Fingerprint 25 WAF vendors (signature / anomaly / hybrid) | Always run first — informs everything else |
| fray test | 4,000+ payloads across 23 categories with adaptive throttling | Known injection point, want broad payload coverage |
| fray bypass | 5-phase WAF evasion scorer with mutation feedback loop | WAF is blocking you — deterministic evasion, no API key needed |
| fray ai-bypass | Probe WAF → LLM generates payloads → test → mutate → header tricks | bypass isn't working — let an LLM generate custom evasions |
| fray agent | Self-improving payload agent: probe → mutate → learn → cache patterns | Repeat testing same WAF — gets smarter each run |
| fray harden | Security headers A-F grade + OWASP Top 10 misconfig checks + fix snippets | Defensive posture review, pre/post WAF change |
| fray feed | Threat intel feed: auto-discover CVEs → translate to payloads → deduplicate → add | Keep payload database current with new CVEs |
| fray graph | Visual attack surface tree | Map all endpoints before testing |
| fray osint | WHOIS, emails, GitHub org, typosquatting detection | Target discovery & brand monitoring |
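As an added example of what a `fray harden`-style check and the SARIF output format amount to in practice (this is illustration code written for this page, not Fray's own code): grade a set of HTTP response headers A-F, attach Nginx and Apache fix snippets to each gap, and wrap the findings in a minimal SARIF 2.1.0 log of the kind GitHub's Security tab ingests. The rule set, weights, grade thresholds and the two sample header sets are assumptions chosen for illustration, not Fray's rules.

```python
"""Added example, not Fray's code: grade security headers A-F, attach Nginx and
Apache fix snippets, and serialise the findings as SARIF 2.1.0.

Assumptions: the rules, penalties and grade thresholds below are illustrative,
and the WEAK / HARDENED header sets are constructed sample data.
"""
import json

# header -> (expected value or None for "any value", penalty, nginx fix, apache fix)
RULES = {
    "strict-transport-security": (None, 25,
        'add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;',
        'Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains"'),
    "content-security-policy": (None, 25,
        'add_header Content-Security-Policy "default-src \'self\'" always;',
        'Header always set Content-Security-Policy "default-src \'self\'"'),
    "x-content-type-options": ("nosniff", 15,
        'add_header X-Content-Type-Options "nosniff" always;',
        'Header always set X-Content-Type-Options "nosniff"'),
    "x-frame-options": (None, 15,
        'add_header X-Frame-Options "DENY" always;',
        'Header always set X-Frame-Options "DENY"'),
    "referrer-policy": (None, 10,
        'add_header Referrer-Policy "strict-origin-when-cross-origin" always;',
        'Header always set Referrer-Policy "strict-origin-when-cross-origin"'),
    "permissions-policy": (None, 10,
        'add_header Permissions-Policy "camera=(), microphone=(), geolocation=()" always;',
        'Header always set Permissions-Policy "camera=(), microphone=(), geolocation=()"'),
}


def check_headers(headers):
    """Return one finding per gap: a missing or wrong header, or a leaked X-Powered-By."""
    got = {k.lower(): v for k, v in headers.items()}  # header names are case-insensitive
    findings = []
    for name, (expect, penalty, nginx, apache) in RULES.items():
        value = got.get(name)
        if value is None:
            msg = f"{name} header is missing"
        elif expect is not None and value.strip().lower() != expect:
            msg = f"{name} is '{value}', expected '{expect}'"
        else:
            continue
        findings.append({"id": name, "level": "warning", "penalty": penalty,
                         "message": msg, "nginx": nginx, "apache": apache})
    if "x-powered-by" in got:  # version disclosure, an OWASP misconfiguration-style check
        findings.append({"id": "x-powered-by", "level": "note", "penalty": 5,
                         "message": f"X-Powered-By discloses '{got['x-powered-by']}'",
                         "nginx": "proxy_hide_header X-Powered-By;",
                         "apache": "Header unset X-Powered-By"})
    return findings


def grade(findings):
    """Map the summed penalty to a letter; returns (letter, score out of 100)."""
    score = max(0, 100 - sum(f["penalty"] for f in findings))
    for letter, floor in (("A", 90), ("B", 80), ("C", 70), ("D", 60)):
        if score >= floor:
            return letter, score
    return "F", score


def to_sarif(findings, target):
    """Minimal SARIF 2.1.0 log: one rule and one result per finding, located at the target URL."""
    driver = {"name": "header-check-example",
              "rules": [{"id": f["id"], "shortDescription": {"text": f["message"]}} for f in findings]}
    results = [{
        "ruleId": f["id"], "level": f["level"],
        "message": {"text": f"{f['message']}. Nginx: {f['nginx']} | Apache: {f['apache']}"},
        "locations": [{"physicalLocation": {"artifactLocation": {"uri": target}}}],
    } for f in findings]
    return {"version": "2.1.0", "runs": [{"tool": {"driver": driver}, "results": results}]}


# Constructed sample responses (assumption): a weak deployment and a hardened one.
WEAK = {"Server": "nginx/1.18.0", "X-Powered-By": "PHP/7.4",
        "Content-Type": "text/html", "X-Content-Type-Options": "NOSNIFF"}
HARDENED = {"Strict-Transport-Security": "max-age=31536000; includeSubDomains",
            "Content-Security-Policy": "default-src 'self'",
            "X-Content-Type-Options": "nosniff", "X-Frame-Options": "DENY",
            "Referrer-Policy": "strict-origin-when-cross-origin",
            "Permissions-Policy": "camera=(), microphone=()"}

if __name__ == "__main__":
    for label, hdrs in (("weak", WEAK), ("hardened", HARDENED)):
        found = check_headers(hdrs)
        letter, score = grade(found)
        print(f"{label}: grade {letter} ({score}/100), {len(found)} finding(s)")
        for f in found:
            print(f"  - {f['message']}\n      nginx:  {f['nginx']}\n      apache: {f['apache']}")
    print(json.dumps(to_sarif(check_headers(WEAK), "https://example.com/"), indent=2))
```

The weak sample grades F (only `X-Content-Type-Options` is set, and the value comparison is case-insensitive, so `NOSNIFF` passes) while the hardened sample grades A; the SARIF document carries the fix snippet in each result's message so it shows up verbatim in the code-scanning alert.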
```shell
pip install fray
brew install fray
sudo apt install fray
winget install fray
```

Or, in PowerShell: `pip install fray`
Scan, test, bypass, detect, harden — all from your editor. HTML reports + inline diagnostics.
New: add `uses: dalisecurity/fray@v3` to any workflow. Results are posted automatically as PR comments.
14 tools for Claude Desktop, Claude Code, ChatGPT, Cursor. Ask AI to run security scans.
Live: curated from real CVEs, bug bounty reports, WAF bypass research, and community sources.

| Payloads | Coverage |
|---|---|
| 1,209 | DOM, framework-specific, WAF bypass, encoding, async, SVG, MathML |
| 248 | blind, time-based, error-based, stacked, UNION, WAF bypass |
| 200 | Unix/Windows, reverse shells, OOB, wildcard bypass |
| 370 | jailbreaks, system prompt extraction, encoding bypass |
| 122 | cloud metadata, DNS rebinding, protocol smuggling |
| 122 | Jinja2, Freemarker, Twig, Mako, EJS, Pug, Velocity |
Fray is free, open-source, and MIT licensed. Install in seconds and find what your WAF misses.