Fray vs code-pathfinder

Fray: Fray is an open-source WAF security testing toolkit designed to provide a complete workflow for security professionals, from automated crawling and parameter discovery to payload injection and reporting. Unlike static payload collections, Fray offers a dynamic approach to scanning, detecting WAFs, and testing against 5,500+ payloads across 24 OWASP categories.

code-pathfinder: Code Pathfinder is an open-source, AI-native static code analysis tool that builds a queryable graph of your codebase for security teams. It uses AST, CFG, and DFG to trace data flows across multiple languages and provides context-aware vulnerability detection and triage.

01

TL;DR

Choose Fray if…

Bug Bounty Hunters: Discover hidden parameters, old endpoints, bypass WAFs, and generate reports.

Choose code-pathfinder if…

Detect CVEs and conduct vulnerability research by understanding dependency usage and attack surfaces.

02

Side-by-Side Comparison

| Field | Fray | code-pathfinder |
| --- | --- | --- |
| Category | Browser Automation | Observability |
| Stars | ★ 53 | ★ 135 |
| License | NOASSERTION | AGPL-3.0 |
| Updated | 2mo ago | 2d ago |
| Open Source | Yes | Yes |
| Tags | WAF, Security Testing, Vulnerability Scanner | AI-Native Security, Static Code Analysis (SAST), Vulnerability Scanner |

03

Features

Fray
01 Automated Attack Surface Mapping: Crawls, discovers injection points, and tests payloads with reflection detection.
02 Comprehensive Reconnaissance: Performs 21 automated checks including parameter discovery, JS endpoint extraction, and API discovery.
03 Adaptive Payload Testing: 'Smart' mode recommends payloads based on detected technology stack.
04 WAF Detection & Bypass: Fingerprints 25 WAF vendors and identifies potential bypass strategies.
05 CI/CD Integration & Reporting: Supports SARIF output for GitHub Security tab, JSON output for pipelines, and HTML/Markdown reports.

code-pathfinder
01 Structural code analysis using AST, CFG, and DFG to find exploit paths.
02 AI-powered vulnerability triage and context-aware validation with LLMs.
03 Unified data flow tracing across multiple languages (Python, Docker, Docker Compose).
04 Flexible deployment as IDE extension, CLI tool, or integrated into CI/CD pipelines.

04

Use Cases

Fray
↳ Bug Bounty Hunters: Discover hidden parameters, old endpoints, bypass WAFs, and generate reports.
↳ Pentesters: Conduct full reconnaissance and automated scans with client-ready HTML reports.
↳ Blue Teams: Validate WAF rules and perform regression testing after configuration changes.
↳ DevSecOps: Integrate into CI/CD pipelines for WAF testing, failing builds on bypasses.

code-pathfinder
↳ Detect CVEs and conduct vulnerability research by understanding dependency usage and attack surfaces.
↳ Provide deep code intelligence (call graphs, data flows) to AI coding assistants like Claude.
↳ Perform in-editor security checks to catch vulnerable patterns during code writing.
↳ Integrate into CI/CD pipelines for automated security scanning with SARIF output.

05

Best For

Fray: Hidden Gem, Security & Safety
code-pathfinder: Trending, Code Assistant, Security & Safety

FAQ

What is the difference between Fray and code-pathfinder?
Both Fray and code-pathfinder are in the Browser Automation category. Fray has 53 stars, while code-pathfinder has 135 stars.
Which is better, Fray or code-pathfinder?
The best choice depends on your use case. Choose Fray if you are a bug bounty hunter who needs to discover hidden parameters and old endpoints, bypass WAFs, and generate reports. Choose code-pathfinder if you need to detect CVEs and conduct vulnerability research by understanding dependency usage and attack surfaces.
Is Fray free or open source?
Yes, Fray is open source on GitHub (NOASSERTION).
Is code-pathfinder free or open source?
Yes, code-pathfinder is open source on GitHub (AGPL-3.0).
© 2026 AgentIndex.app|Built by a 10-year iOS Developer.