frameseven

module v0.2.4
Published: Jun 20, 2026 License: MIT

README

frameseven

frameseven is a CLI-first offensive web security scanner for authorized security testing. It maps a target's attack surface and runs active checks for common web vulnerabilities and misconfigurations.

Only scan systems that you own or have explicit permission to test.

Requirements

  • Go 1.26.4 or later in the Go 1.26 release line
  • Python 3 with fpdf2 for PDF report generation
  • Git
  • Network access to the authorized target
  • Linux, macOS, or another environment supported by Go

Development Setup

git clone https://github.com/sayseven7/frameseven.git
cd frameseven
python3 -m venv .venv
.venv/bin/python -m pip install "fpdf2>=2.8"
go test ./...
go run cmd/cli/v1/main.go -url https://target.example

The Go wrapper renders PDF reports by invoking Python. It uses the interpreter named by FRAMESEVEN_PYTHON when that variable is set; otherwise it looks for .venv/bin/python and then falls back to python3. If Python or fpdf2 is missing, PDF generation returns a clear error instead of silently producing a broken report.
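The interpreter-resolution chain and the fail-loud fpdf2 check described above, written here as an added illustration rather than taken from the frameseven source. The lookups are passed in as functions so the order can be verified offline; rejecting a FRAMESEVEN_PYTHON path that does not exist, instead of falling through, is an assumption of this example and not stated in the README.

```go
package main

import (
	"errors"
	"fmt"
	"os/exec"
	"path/filepath"
	"strings"
)

// ResolvePython picks the interpreter in the order the README describes:
// FRAMESEVEN_PYTHON when set, then .venv/bin/python under projectDir,
// then python3 on PATH. getenv, fileExists and lookPath are injected
// (use os.Getenv, an os.Stat wrapper and exec.LookPath in real use).
func ResolvePython(projectDir string, getenv func(string) string,
	fileExists func(string) bool, lookPath func(string) (string, error)) (string, error) {
	if p := getenv("FRAMESEVEN_PYTHON"); p != "" {
		// Assumption (not from the README): a misconfigured override is
		// reported immediately rather than silently ignored.
		if !fileExists(p) {
			return "", fmt.Errorf("FRAMESEVEN_PYTHON=%q does not exist", p)
		}
		return p, nil
	}
	if venv := filepath.Join(projectDir, ".venv", "bin", "python"); fileExists(venv) {
		return venv, nil
	}
	if p, err := lookPath("python3"); err == nil {
		return p, nil
	}
	return "", errors.New("no Python interpreter found: set FRAMESEVEN_PYTHON, create .venv, or install python3")
}

// CheckFPDF verifies that fpdf2 is importable by the chosen interpreter so a
// missing dependency surfaces as a clear error before any report is rendered.
func CheckFPDF(python string) error {
	out, err := exec.Command(python, "-c", "import fpdf").CombinedOutput()
	if err != nil {
		return fmt.Errorf("fpdf2 not importable via %s: %v: %s",
			python, err, strings.TrimSpace(string(out)))
	}
	return nil
}
```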

Directories

Path Synopsis
cmd
cli/v1 command
  Package main implements the frameseven CLI v1 entry point.
mcp command
  Package main implements the frameseven MCP server entry point.
internal
config
  Package config defines the scan configuration and provides a factory that applies project-level defaults for timeout, user agent, and rate limits.
cve
  Package cve maps detected technology versions to known CVEs using the public NVD API 2.0.
engagement
  Package engagement keeps a persistent record of every finding gathered during an assessment: scanner output plus manual work (dumps, cracked credentials, exfiltrated files).
finding
  Package finding defines the finding model used across all framework tools.
mcp
  Package mcp exposes the FrameSeven MCP server.
report
  Package report defines the scan result structure and renders CLI v1 reports.
tools/v1/access
  Package access tests broken access control: sensitive endpoints reachable without authentication, and IDOR by enumerating numeric identifiers.
tools/v1/auth
  Package auth implements browser-based authentication capture.
tools/v1/auth_test
  Package authtest checks authentication weaknesses: default credentials on login endpoints, missing account lockout, and JWTs signed with no algorithm or a weak, guessable secret.
tools/v1/bannergrab
  Package bannergrab checks lightweight service banners for selected TCP services.
tools/v1/cmdi
  Package cmdi tests OS command injection: it injects time-based payloads into command-like parameters and confirms a hit when the response is delayed, then escalates with output-based payloads to read command output and prove RCE.
tools/v1/content
  Package content discovers common web content paths.
tools/v1/crawler
  Package crawler expands endpoint discovery by visiting already discovered same-origin pages and extracting additional links and form actions.
tools/v1/external
  Package external runs external security binaries (such as Nmap and sqlmap) for Framework v1 in a fail-safe way: a missing binary, a non-zero exit, a timeout, or unparseable output is always turned into a finding instead of an error that could block the rest of the scan.
tools/v1/external/nmap
  Package nmap runs Nmap for Framework v1 and maps its results into findings.
tools/v1/external/sqlmap
  Package sqlmap runs sqlmap for Framework v1 and maps its result into a finding.
tools/v1/lfi
  Package lfi tests local file inclusion and path traversal: it injects traversal and PHP stream-wrapper payloads into parameters that look like file paths and confirms a hit when local file contents come back.
tools/v1/misconfig
  Package misconfig checks for security misconfiguration: missing security headers, dangerous HTTP methods, permissive CORS and weak TLS.
tools/v1/ports
  Package ports performs light TCP checks against common web-facing ports.
tools/v1/ratelimit
  Package ratelimit measures whether the target throttles repeated requests by firing a burst and observing status-code and latency variation.
tools/v1/recon
  Package recon maps the attack surface of a target: DNS, response headers, technologies in use, sensitive files, and reachable endpoints/parameters.
tools/v1/redirect
  Package redirect tests open redirects: it injects external destinations into redirect-like parameters and confirms a hit when the response redirects off the original origin via the Location header or a meta-refresh tag.
tools/v1/scanner
  Package scanner orchestrates a full scan: it maps the surface with recon and then runs every test and enrichment tool against it, returning a report.
tools/v1/sqli
  Package sqli detects SQL injection (boolean-based) and, when a parameter is injectable, extracts real data with UNION-based payloads: DBMS, current database, current user, tables, columns and credential rows.
tools/v1/ssrf
  Package ssrf tests server-side request forgery: it injects internal and cloud-metadata URLs into parameters that look like URLs and confirms a hit when the server returns metadata-service content.
tools/v1/ssti
  Package ssti tests server-side template injection: it injects math expressions that template engines evaluate, confirms a hit when the evaluated result comes back, fingerprints the engine, and attempts engine-specific RCE.
tools/v1/subdomain
  Package subdomain resolves a small seed list of common subdomain names.
tools/v1/xss
  Package xss tests cross-site scripting: it injects marked payloads into discovered parameters and confirms reflected XSS when the payload comes back unencoded, stored XSS when a POSTed payload persists across a later GET, and flags DOM XSS sinks in discovered JavaScript files.
tools/v1/xxe
  Package xxe tests XML external entity and XML injection flaws: it posts XML documents that declare external entities pointing at local files and the cloud metadata endpoint, and confirms a hit when the entity content is reflected back.
