AgentIndex icon
AgentIndex
ToolsCategoriesTrendingNewCompare
Submit Tool
Home/
Browser Automation/
Fray
Fray logo

Fray

Active·★ 53·NOASSERTION·Updated 2026-03-17
★ Hidden Gem★ Security & Safety

Open-source WAF bypass toolkit — 6,300+ payloads, 27 recon checks, AI-assisted bypass, security hardening. For pentesters, bug bounty hunters, and DevSecOps.

Fray is an open-source WAF security testing toolkit designed to provide a complete workflow for security professionals, from automated crawling and parameter discovery to payload injection and reporting. Unlike static payload collections, Fray offers a dynamic approach to scanning, detecting WAFs, and testing against 5,500+ payloads across 24 OWASP categories.

#WAF#Security Testing
© 2026 AgentIndex.app|Built by a 10-year iOS Developer.
QYSGitHubBuy me a coffee ☕

Browse by Category

Code AssistantWorkflow AutomationRAG / Knowledge BaseMulti-AgentBrowser AutomationLLM InfraDev ToolingObservability

Not affiliated with Anthropic, OpenAI or Microsoft.

#Vulnerability Scanner
#Penetration Testing
#Reconnaissance
#Payload Injection
#Bug Bounty
#DevSecOps
$ Install
$ pip install fray
↗ Visit site★ GitHub
01

Features

01Automated Attack Surface Mapping: Crawls, discovers injection points, and tests payloads with reflection detection.
02Comprehensive Reconnaissance: Performs 21 automated checks including parameter discovery, JS endpoint extraction, and API discovery.
03Adaptive Payload Testing: 'Smart' mode recommends payloads based on detected technology stack.
04WAF Detection & Bypass: Fingerprints 25 WAF vendors and identifies potential bypass strategies.
05CI/CD Integration & Reporting: Supports SARIF output for GitHub Security tab, JSON output for pipelines, and HTML/Markdown reports.
02

Compatibility

Python
Runtime
Verified via docs
03

Quick start

1
$ pip install fray
04

Use cases

↳Bug Bounty Hunters: Discover hidden parameters, old endpoints, bypass WAFs, and generate reports.
↳Pentesters: Conduct full reconnaissance and automated scans with client-ready HTML reports.
↳Blue Teams: Validate WAF rules and perform regression testing after configuration changes.
↳DevSecOps: Integrate into CI/CD pipelines for WAF testing, failing builds on bypasses.
05

Alternatives

CopilotKit logo
CopilotKit★ 31.8k
React UI + elegant infrastructure for AI Copilots, AI chatbots, and in-app AI agents. The Agentic Frontend.
vs →
mcp-chrome logo
mcp-chrome★ 11.8k
Chrome MCP Server is a Chrome extension-based Model Context Protocol (MCP) server that exposes your Chrome browser functionality to AI assistants like Claude, enabling complex browser automation, content analysis, and semantic search.
vs →
hexstrike-ai logo
hexstrike-ai★ 9.0k

Related searches

Fray AlternativesBest Browser Automation Tools 2026Open Source Browser AutomationFray TutorialFray Vs CompetitorsWAFSecurity TestingVulnerability Scanner

Comments

Log in to leave a comment
  • S
    Sage GarciaApr 24, 2026

    Source via MCP is exactly the right abstraction. Would recommend for solid use cases.

  • P
    Phoenix WhiteMar 17, 2026

    Source via MCP is exactly the right abstraction. Works reliably in production environments.

  • Spencer Chen
    Spencer ChenMar 2, 2026

    Integrates cleanly into lightweight workflows. Would recommend for lightweight use cases.

On this page
01Features02Compatibility03Quick start04Use cases05Alternatives
Stats
GitHub Stars★ 53
Last commit
HexStrike AI MCP Agents is an advanced MCP server that lets AI agents (Claude, GPT, Copilot, etc.) autonomously run 150+ cybersecurity tools for automated pentesting, vulnerability discovery, bug bounty automation, and security research. Seamlessly bridge LLMs with real-world offensive security capabilities.
vs →
agentic_security logo
agentic_security★ 1.9k
Agentic LLM Vulnerability Scanner / AI red teaming kit 🧪
vs →
mcp-for-security logo
mcp-for-security★ 612
MCP for Security: A collection of Model Context Protocol servers for popular security tools like SQLMap, FFUF, NMAP, Masscan and more. Integrate security testing and penetration testing into AI workflows.
vs →
code-pathfinder logo
code-pathfinder★ 135
AI-Native Static Code Analysis for modern security teams. Built for finding vulnerabilities, advanced structural search, derive insights and supports MCP
vs →
agent-security-scanner-mcp logo
agent-security-scanner-mcp★ 107
Security scanner MCP server for AI coding agents. Prompt injection firewall, package hallucination detection (4.3M+ packages), 1000+ vulnerability rules with AST & taint analysis, auto-fix.
vs →
hexstrike-ai-community-edition logo
hexstrike-ai-community-edition★ 109
HexStrike AI Community Edition - Cybersecurity tools for automated pentesting, vulnerability discovery, bug bounty automation, and security research. Seamlessly bridge LLMs with real-world offensive security capabilities.
vs →
See all alternatives →
2mo ago
StatusActive
LicenseNOASSERTION
CategoryBrowser Automation
Trend (30d)
+2.1↑ 0.4%
Links
Documentation↗Discussion↗Issues↗Releases↗

Deploy on DigitalOcean — Get $200 Free Credit

Ad