{"id":13537770,"url":"https://github.com/nccgroup/tracy","last_synced_at":"2025-04-04T17:08:50.956Z","repository":{"id":32347864,"uuid":"129963975","full_name":"nccgroup/tracy","owner":"nccgroup","description":"A tool designed to assist with finding all sinks and sources of a web application and display these results in a digestible manner.","archived":false,"fork":false,"pushed_at":"2023-03-06T17:30:26.000Z","size":20421,"stargazers_count":557,"open_issues_count":22,"forks_count":69,"subscribers_count":24,"default_branch":"master","last_synced_at":"2025-03-28T16:08:23.432Z","etag":null,"topics":["browser-extension","chrome","chrome-extension","firefox","firefox-addon","security","security-tools","xss","xss-detection"],"latest_commit_sha":null,"homepage":"https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2018/june/tracy-because-tracing-user-input-through-javascript-is-for-tools/","language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/nccgroup.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2018-04-17T20:54:05.000Z","updated_at":"2025-02-26T09:29:04.000Z","dependencies_parsed_at":"2024-06-20T15:34:17.806Z","dependency_job_id":"a6f481b3-623b-4923-a71f-a5f8d7008b1e","html_url":"https://github.com/nccgroup/tracy","commit_stats":null,"previous_names":[],"tags_count":13,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nccgroup%2Ftracy","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nccgroup%2Ftracy/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nccgroup%2Ftracy/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nccgroup%2Ftracy/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/nccgroup","download_url":"https://codeload.github.com/nccgroup/tracy/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":247217184,"owners_count":20903009,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["browser-extension","chrome","chrome-extension","firefox","firefox-addon","security","security-tools","xss","xss-detection"],"created_at":"2024-08-01T09:01:03.506Z","updated_at":"2025-04-04T17:08:50.927Z","avatar_url":"https://github.com/nccgroup.png","language":"JavaScript","readme":"\u003cp align=\"center\"\u003e\n  \u003cimg src=\"https://user-images.githubusercontent.com/16947503/38943629-c354d81a-42e6-11e8-9644-cc956d92fbcc.png\" width=250/\u003e\n  \u003ca href=\"https://addons.mozilla.org/en-US/firefox/addon/tracyplugin/\"\u003e\u003cimg src=\"https://extensionworkshop.com/assets/7a17e6-5cc43798bf2472557d8b437e779316758d0e41483542e921f6781694623ee71c.png\"\u003e\u003c/img\u003e\u003c/a\u003e\n\u003c/p\u003e\n\n## Tracy\nA pentesting tool designed to assist with finding all sinks and sources of a web\napplication and display these results in a digestible manner. `tracy` should be used\nduring the mapping-the-application phase of the pentest to identify sources of input\nand their corresponding outputs. `tracy` can use this data to intelligently find\nvulnerable instances of XSS, especially with web applications that use lots of JavaScript.\n\n`tracy` is a browser extension that records all user input \nto a web application and monitors any time those inputs are output, for example in a\nDOM write, server response, or call to `eval`.\n\nFor guides and reference materials about `tracy`, see [the documentation](https://github.com/nccgroup/tracy/wiki).\n\n## Installation\n\nTracy is now only a browser extension! No more binaries, just download it from the Chrome or Firefox store.\n\n* [Firefox](https://addons.mozilla.org/en-US/firefox/addon/tracyplugin/)\n* [Chrome](https://chrome.google.com/webstore/detail/tracy/lcgbimfijafcjjijgjoodgpblgmkckhn).\n\nAnd that's it! As long as tracy is installed in your browser, you are ready to find XSS. There is no longer\nany requirements to configure a proxy or certificates.\n","funding_links":[],"categories":["\u003ca id=\"9eee96404f868f372a6cbc6769ccb7f8\"\u003e\u003c/a\u003e新添加的","Exploitation","JavaScript","\u003ca id=\"9eee96404f868f372a6cbc6769ccb7f8\"\u003e\u003c/a\u003e工具"],"sub_categories":["\u003ca id=\"31185b925d5152c7469b963809ceb22d\"\u003e\u003c/a\u003e新添加的","XSS Injection"],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fnccgroup%2Ftracy","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fnccgroup%2Ftracy","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fnccgroup%2Ftracy/lists"}