LICENSE
README.md
pyproject.toml
fray/__init__.py
fray/__main__.py
fray/_report_builder.py
fray/_report_css.py
fray/adaptive_cache.py
fray/agent.py
fray/ai_bypass.py
fray/ask.py
fray/async_engine.py
fray/auth.py
fray/batch.py
fray/blind.py
fray/bounty.py
fray/browser.py
fray/bypass.py
fray/cache_poison.py
fray/challenge_solver.py
fray/checkpoint.py
fray/ci.py
fray/cli.py
fray/cloud_sync.py
fray/cmdi.py
fray/company_report.py
fray/compare.py
fray/completions.py
fray/config.py
fray/crawler.py
fray/cred.py
fray/csp.py
fray/csp_scanner.py
fray/cve_payload.py
fray/dashboard.py
fray/deser.py
fray/detector.py
fray/diff.py
fray/differ.py
fray/doctor.py
fray/evolve.py
fray/fuzzer.py
fray/graph.py
fray/headless.py
fray/impersonate.py
fray/interactive.py
fray/interop.py
fray/leak.py
fray/learn.py
fray/massassign.py
fray/mcp_server.py
fray/modern_bypasses.py
fray/monitor.py
fray/multiproto.py
fray/mutator.py
fray/nuclei_export.py
fray/osint.py
fray/output.py
fray/pattern_probe.py
fray/payload_creator.py
fray/payload_generator.py
fray/plugins.py
fray/poc_extractor.py
fray/posture.py
fray/progress.py
fray/proto_pollution.py
fray/race.py
fray/recommender.py
fray/recon_diff.py
fray/reporter.py
fray/scanner.py
fray/scope.py
fray/share_status.py
fray/smoke_test.py
fray/smuggling.py
fray/sqli.py
fray/ssrf.py
fray/ssti.py
fray/stats.py
fray/submit.py
fray/template_dsl.py
fray/template_engine.py
fray/templates.py
fray/tester.py
fray/themes.py
fray/threat_intel.py
fray/ui.py
fray/update.py
fray/validate.py
fray/verify.py
fray/waf_report.py
fray/waf_reverse.py
fray/waf_rules.py
fray/web_dashboard.py
fray/webhook.py
fray/welcome.py
fray/wizard.py
fray/xss.py
fray.egg-info/PKG-INFO
fray.egg-info/SOURCES.txt
fray.egg-info/dependency_links.txt
fray.egg-info/entry_points.txt
fray.egg-info/requires.txt
fray.egg-info/top_level.txt
fray/data/waf_intel.json
fray/payloads/ai_prompt_injection/excessive_agency.json
fray/payloads/ai_prompt_injection/indirect_injection.json
fray/payloads/ai_prompt_injection/jailbreaks.json
fray/payloads/ai_prompt_injection/llm_supply_chain.json
fray/payloads/ai_prompt_injection/misinformation.json
fray/payloads/ai_prompt_injection/nextjs_framework_attacks.json
fray/payloads/ai_prompt_injection/prompt_leaking.json
fray/payloads/ai_prompt_injection/unbounded_consumption.json
fray/payloads/ai_prompt_injection/vector_embedding_attacks.json
fray/payloads/api_security/api_expanded.json
fray/payloads/api_security/business_flow_abuse.json
fray/payloads/api_security/inventory_management.json
fray/payloads/auth_bypass/auth_bypass_attacks.json
fray/payloads/auth_bypass/threat_intel.json
fray/payloads/buffer_overflow/threat_intel.json
fray/payloads/cache_poison/cache_poison_headers.json
fray/payloads/command_injection/advanced.json
fray/payloads/command_injection/comprehensive.json
fray/payloads/command_injection/rce_expanded.json
fray/payloads/command_injection/threat_intel.json
fray/payloads/cors/cors_attacks.json
fray/payloads/cors/threat_intel.json
fray/payloads/crlf_injection/basic.json
fray/payloads/crlf_injection/comprehensive.json
fray/payloads/crlf_injection/crlf_expanded.json
fray/payloads/crypto_failures/weak_crypto.json
fray/payloads/csp_bypass/base_injection.json
fray/payloads/csp_bypass/csp_expanded.json
fray/payloads/csp_bypass/dangling_markup.json
fray/payloads/csp_bypass/data_uri.json
fray/payloads/csp_bypass/directive_bypasses.json
fray/payloads/csp_bypass/jsonp_callback.json
fray/payloads/csp_bypass/jsonp_endpoints.json
fray/payloads/csp_bypass/nonce_leakage.json
fray/payloads/csp_bypass/object_injection.json
fray/payloads/csp_bypass/unsafe_eval.json
fray/payloads/csp_bypass/unsafe_inline.json
fray/payloads/csp_bypass/waf_specific_bypasses.txt
fray/payloads/deserialization/deser_java.json
fray/payloads/deserialization/threat_intel.json
fray/payloads/file_upload/file_upload_payloads.json
fray/payloads/file_upload/threat_intel.json
fray/payloads/file_upload/upload_bypass.txt
fray/payloads/graphql_attacks/graphql_attacks.json
fray/payloads/host_header_injection/host_header_attacks.json
fray/payloads/http2/h2_attacks.json
fray/payloads/http_smuggling/request_smuggling.json
fray/payloads/http_smuggling/threat_intel.json
fray/payloads/jwt_attack/core_attacks.json
fray/payloads/jwt_attack/jwt_attacks.json
fray/payloads/jwt_attack/threat_intel.json
fray/payloads/ldap_injection/basic.json
fray/payloads/ldap_injection/comprehensive.json
fray/payloads/ldap_injection/ldap_expanded.json
fray/payloads/llm_testing/advanced_attacks.txt
fray/payloads/llm_testing/adversarial_prompts.txt
fray/payloads/llm_testing/bias_detection.txt
fray/payloads/llm_testing/data_leakage.txt
fray/payloads/llm_testing/llm_2025_attacks.json
fray/payloads/llm_testing/llm_testing_payloads.json
fray/payloads/llm_testing/owasp_llm_top10.json
fray/payloads/llm_testing/prompt_injection_advanced.json
fray/payloads/logging_failures/log_injection.json
fray/payloads/massassign/massassign_params.json
fray/payloads/modern_bypasses/2025_2026_techniques.json
fray/payloads/modern_bypasses/advanced_variations.json
fray/payloads/open-redirect/comprehensive.json
fray/payloads/open-redirect/general.json
fray/payloads/open-redirect/open_redirect_expanded.json
fray/payloads/other/general.json
fray/payloads/other/supply_chain_attacks.json
fray/payloads/other/threat_intel.json
fray/payloads/path_traversal/advanced.json
fray/payloads/path_traversal/comprehensive.json
fray/payloads/path_traversal/path_traversal.txt
fray/payloads/path_traversal/path_traversal_expanded.json
fray/payloads/path_traversal/threat_intel.json
fray/payloads/prototype_pollution/json_body.json
fray/payloads/prototype_pollution/proto_expanded.json
fray/payloads/prototype_pollution/query_string.json
fray/payloads/race_condition/race_condition_endpoints.json
fray/payloads/race_condition/threat_intel.json
fray/payloads/rag_security/rag_prompt_injection.json
fray/payloads/sqli/advanced.json
fray/payloads/sqli/comprehensive.json
fray/payloads/sqli/general.json
fray/payloads/sqli/threat_intel.json
fray/payloads/sqli/waf_bypass_sqli.json
fray/payloads/ssrf/advanced.json
fray/payloads/ssrf/comprehensive.json
fray/payloads/ssrf/general.json
fray/payloads/ssrf/ssrf_expanded.json
fray/payloads/ssrf/threat_intel.json
fray/payloads/ssrf_cloud_metadata/cloud_metadata_ssrf.json
fray/payloads/ssrf_cloud_metadata/kubernetes_metadata.json
fray/payloads/ssti/advanced.json
fray/payloads/ssti/comprehensive.json
fray/payloads/ssti/general.json
fray/payloads/ssti/ssti_expanded.json
fray/payloads/ssti/template_injection.txt
fray/payloads/supply_chain_attack/magecart_supply_chain.json
fray/payloads/web_shells/asp_shells.txt
fray/payloads/web_shells/jsp_shells.txt
fray/payloads/web_shells/perl_shells.txt
fray/payloads/web_shells/php_shells.txt
fray/payloads/web_shells/python_shells.txt
fray/payloads/web_shells/web_shells_payloads.json
fray/payloads/wordpress/CVE-2026-28515.txt
fray/payloads/wordpress/CVE-2026-28516.txt
fray/payloads/wordpress/CVE-2026-28517.txt
fray/payloads/wordpress/README.md
fray/payloads/wordpress/wordpress_payloads.json
fray/payloads/xpath_injection/basic.json
fray/payloads/xpath_injection/comprehensive.json
fray/payloads/xpath_injection/xpath_expanded.json
fray/payloads/xss/advanced.json
fray/payloads/xss/basic.json
fray/payloads/xss/cloudflare_akamai_bypass.json
fray/payloads/xss/cve_2025_real_world.json
fray/payloads/xss/cve_additional_2020_2024.json
fray/payloads/xss/dom_and_modern.json
fray/payloads/xss/dom_based.json
fray/payloads/xss/encoded.json
fray/payloads/xss/event_handlers.json
fray/payloads/xss/mutation.json
fray/payloads/xss/obfuscated.json
fray/payloads/xss/polyglot.json
fray/payloads/xss/svg_based.json
fray/payloads/xss/threat_intel.json
fray/payloads/xss/waf_bypass_advanced.json
fray/payloads/xss/xss_advanced.txt
fray/payloads/xss/xss_basic.txt
fray/payloads/xxe/advanced.json
fray/payloads/xxe/comprehensive.json
fray/payloads/xxe/general.json
fray/payloads/xxe/xxe_basic.txt
fray/payloads/xxe/xxe_expanded.json
fray/recon/__init__.py
fray/recon/_monolith.py
fray/recon/checks.py
fray/recon/discovery.py
fray/recon/dns.py
fray/recon/fingerprint.py
fray/recon/history.py
fray/recon/http.py
fray/recon/pipeline.py
fray/recon/supply_chain.py
tests/test_adaptive_cache.py
tests/test_bypass.py
tests/test_ci_learn.py
tests/test_cli.py
tests/test_csp.py
tests/test_diff.py
tests/test_doctor_webhook.py
tests/test_end_to_end.py
tests/test_evolve.py
tests/test_feature_modules.py
tests/test_guided_pipeline_share.py
tests/test_hardening.py
tests/test_integration_complete.py
tests/test_mcp_tools.py
tests/test_new_modules.py
tests/test_package.py
tests/test_qa_targets.py
tests/test_recon.py
tests/test_recon_submodules.py
tests/test_scanner.py
tests/test_scanners.py
tests/test_scope.py
tests/test_smuggling.py
tests/test_stats.py
tests/test_submit.py
tests/test_tester.py
tests/test_validate_bounty.py
tests/test_vulnerable_app.py
tests/test_web_dashboard_api.py