Fray
raw JSON → 3.5.235 verified Fri May 01 auth: no python
Fray is an open-source WAF (Web Application Firewall) security testing platform. Version 3.5.235 includes 7,200+ attack payloads, 98 WAF/CDN fingerprints, an AI-powered bypass engine, a recon pipeline, and beautiful CLI output. It supports Python >=3.8 and is actively maintained.
pip install fray Common errors
error ModuleNotFoundError: No module named 'fray' ↓
cause Fray is not installed or installed in a different environment.
fix
Run
pip install fray and ensure you are using the correct Python interpreter. error TypeError: Fray() got an unexpected keyword argument 'api_key' ↓
cause Using an older version of fray that does not support the `api_key` parameter.
fix
Upgrade fray to the latest version:
pip install --upgrade fray. Alternatively, omit the api_key parameter if not needed. error ValueError: Invalid target URL ↓
cause The target URL provided is malformed or missing a scheme (http/https).
fix
Ensure the URL includes the protocol, e.g., 'https://example.com'.
Warnings
gotcha Fray uses multithreading and can generate a high volume of requests. Ensure you have permission to test the target and that your network/rate limits are not exceeded. ↓
fix Use the `threads` parameter to limit concurrency, or set rate limits via `max_rps`.
deprecated Older versions (before 3.0) used `from fray import FrayScanner` and `fray.scan()` function. These patterns are deprecated. ↓
fix Upgrade to 3.x and use `from fray import Fray` and the instance-based `scan()` method.
gotcha The AI bypass engine may require an internet connection and may incur costs if using third-party APIs. Check the documentation for configuration. ↓
fix Check the 'bypass' module configuration in the fray documentation.
Imports
- Fray
from fray import Fray
Quickstart
from fray import Fray
# Initialize scanner
scanner = Fray(
target="http://example.com",
api_key=os.environ.get("FRAY_API_KEY", ""),
threads=10
)
# Run scan
result = scanner.scan()
print(result.summary())