This plugin searches for various Rich Internet Application files. It currently searches for:

  • Google Gears manifests: These files are used to determine which files are locally cached by Google Gears. They do not get cleared when the browser cache is cleared and may contain sensitive information.
  • Flex crossdomain.xml: This file stores domains which are allowed to make cross domain requests to the server.
  • Silverlight clientaccesspolicy.xml: This file determines which clients can access the server in place of the crossdomain.xml.

Two configurable parameters exist:

  • wordlist: The wordlist to be used in the gears bruteforce process.
  • manifestExtensions: File extensions to use during manifest bruteforcing.

Plugin type



| Name | Type | Default Value | Description | Help |
|---|---|---|---|---|
| wordlist | string | plugins/crawl/ria_enumerator/common_filenames.db | Wordlist to use in the manifest file name bruteforcing process. | No detailed help available |
| manifestExtensions | list | ['', '.php', '.json', '.txt', '.gears'] | File extensions to use when brute forcing Gears Manifest files | No detailed help available |


For more information about this plugin and the associated tests, there’s always the source code to understand exactly what’s under the hood:
Plugin source code
Unittest source code


This plugin has no dependencies.
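
An added example (not part of w3af or this plugin's source): a small audit of the crossdomain.xml and clientaccesspolicy.xml formats described above, classifying how broadly each entry trusts other origins. The sample policies, the function names and the three labels are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample policies (not taken from any real site).
CROSSDOMAIN = """<?xml version="1.0"?>
<cross-domain-policy>
  <allow-access-from domain="*" secure="false"/>
  <allow-access-from domain="static.example.com"/>
  <allow-access-from domain="*.example.net"/>
</cross-domain-policy>"""

CLIENTACCESSPOLICY = """<?xml version="1.0"?>
<access-policy><cross-domain-access><policy>
  <allow-from http-request-headers="*">
    <domain uri="*"/>
    <domain uri="https://app.example.com"/>
  </allow-from><grant-to><resource path="/" include-subpaths="true"/></grant-to>
</policy></cross-domain-access></access-policy>"""


def allowed_origins(policy_xml):
    """Return the origins a Flash or Silverlight policy document trusts."""
    root = ET.fromstring(policy_xml)
    if root.tag == "cross-domain-policy":      # Flex / Flash crossdomain.xml
        return [e.get("domain", "") for e in root.iter("allow-access-from")]
    if root.tag == "access-policy":            # Silverlight clientaccesspolicy.xml
        return [e.get("uri", "") for e in root.iter("domain")]
    raise ValueError("not a RIA policy file: <%s>" % root.tag)


def audit(policy_xml):
    """Classify each trusted origin as 'any', 'wildcard' or 'explicit'."""
    findings = []
    for origin in allowed_origins(policy_xml):
        host = origin.split("://", 1)[-1]      # drop an optional scheme
        if host == "*":
            level = "any"                      # every site is trusted
        elif "*" in host:
            level = "wildcard"                 # whole sub-domain tree trusted
        else:
            level = "explicit"
        findings.append((origin, level))
    return findings


if __name__ == "__main__":
    for name, doc in (("crossdomain.xml", CROSSDOMAIN),
                      ("clientaccesspolicy.xml", CLIENTACCESSPOLICY)):
        for origin, level in audit(doc):
            print("%-24s %-26s %s" % (name, origin, level))
```

The standard-library parser is adequate for your own policy files; for documents fetched from hosts you do not control, a hardened parser such as defusedxml is the safer choice.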