dalisecurity

AI-native security toolkit — `fray go target.com` scans everything. 5,600+ payloads, 98 WAF vendors, 35+ recon checks. Zero config.

50
3
100% credibility
Found Mar 13, 2026 at 48 stars.
AI Analysis
Python
AI Summary

Fray is an open-source toolkit that simplifies authorized web security testing through reconnaissance, WAF detection, vulnerability scanning, bypass attempts, and polished reporting for developers and teams.

How It Works

1. 🔍 Discover Fray

You learn about a friendly tool that helps check if your website is safe from hackers, without needing to be a tech expert.

2. 📦 Easy setup

You add Fray to your computer with a simple command, and it's ready to use right away.

3. 🌐 Point and explore

Just tell Fray your website's address, and it gently looks around to spot any weak spots.

4. 🛡️ Smart checks

Fray runs clever tests to find hidden dangers like sneaky break-in attempts.

5. 📊 Clear results

You get a beautiful summary showing exactly what's safe and what needs fixing, with easy tips.

Site secured

Your website is now stronger and safer, giving you confidence it's protected from threats.

AI-Generated Review

What is Fray?

Fray is a Python AI-native security platform that scans websites in one command: `fray go target.com` runs 35+ recon checks, fingerprints 98 WAF vendors, and tests with 5,600+ payloads for XSS, SQLi, CMDi, and more. It auto-generates HTML reports, supports auth/stealth modes, and handles full pipelines from recon to hardening audits with zero config or deps beyond pip install.

Why is it gaining traction?

Its "vibe security" hook—one CLI replacing nmap, wafw00f, sqlmap, and nuclei—delivers smart payload selection from recon findings and adaptive caching that learns across scans. AI-native LLM security shines via MCP server for Claude/ChatGPT queries like "bypass Cloudflare XSS," plus GitHub Actions and VS Code extension for seamless dev workflows.

Who should use this?

Web devs auditing staging sites before launch, bug bounty hunters chaining recon to WAF bypasses, DevSecOps enforcing PR scans, and AI-native development teams probing LLM endpoints or React Native backends for data security gaps.

Verdict

Grab it for fast, no-fuss scans on owned targets—docs and integrations punch above 48 stars—but 1.0% credibility signals early maturity; pair with established tools until community grows.
