Maryam -- OSINT Fremework for Information Gathering

With the latest Kali Linux 2020.4 update Kali Linux repository now comes with OWASP Maryam Open-Source Intelligence (OSINT) Framework. Maryam Framework will be very helpful for penetration testers and cybersecurity experts. This is based on Recon-ng and written on Python3.

Maryam Kali Linux OSINT tool

What is Maryam

Open-source intelligence (OSINT) uses open source tools to collect information and analyze them for a specific purpose. OSINT can be very helpful for cybersecurity experts to use to garner data about particular organizations.

Today, using Open sources like Bing, Google, Yahoo, etc, for data gathering, are essential steps for reconnaissance, which is a common task. It should be a tool to automate this routine. One of the best tools in this field is ​The OWASP Maryam. The interface of Maryam is is very similar to Recon-ng and Metasploit. If we are familiar with these tools then Maryam will be very easy to use.

Key Features of Maryam

  1. Metasploit like Interface.
  2. Identifying WebApps and WAF.
  3. Extracts Emails, Docs and Subdomains from search engines.
  4. Extracts Links, CSS and JS files, Emails, Keywords from Web Sources.
  5. Extracting DNS, TLD by brute-force.
  6. Crawl Web Pages and search our RegExp.
  7. More upgrading in developing...

Installing Maryam on Kali Linux

As we told that Maryam comes with Kali Linux repository, so we don't need much effort to install it. We can install it simply using following command:

sudo apt install maryam -y

After putting our sudo password Maryam installing will be start on our system. As we can see in the following screenshot:

installing maryam on kali linux

After the installation process is done, we can check the the tool is running by following command:


We can see the output of the above command in the following screenshot:

maryam framework

Here we need to run help command to see the the help options of Maryam Framework as we can see in the following screenshot:

maryam help options
It's interface is seems very similar to Metasploit. Here we can run following command to see the modules:
show modules
modules on maryam

Grabbing Social Media using Maryam

Let's run this tool. For an example we are running social_nets OSINT module. Before running it we can check it's help by just entering the module name or <module-name> --help, as we can see the help of social_nets in the following screenshot:

social nets module on maryam

Let's run this module by following command:

social_nets -q hax4us -e google,yahoo,bing

By using the above command we are trying to discover social media accounts of hax4us (my friend's brand) on the search results of Google, Yahoo and Bing. We can use more supported search engines here (like Yandex etc).

Now multiple use of this function may be detected by search engines and they will detect the bot and it gives following CAPTCHA errors.

Google captcha errors caused by bot
Google got the bot

Finding Document Files

We can easily find Document files like PDF files, text files etc by using Maryam Open-Source Intelligence Framework, we are going use docs_search module for this, and the command will be like following:

docs_search -q amazon -f pdf -e google,bing,metacrawler

For searching document we had used docs_search module in the above command, and -q flag to set our query, -f flag used to specify file format and -e to specify engines (search engines) to find these files.

And in the following screenshot we can see that we got links of PDF files related to Amazon.

searching files using maryam

DNS Brute Force using Maryam

Let's have a look how can we Brute Force DNS records using Maryam's dnsbrute module. To do so we are going to use following command:

dnsbrute -d --thread 10 --wordlist /path/of/wordlist

Crawling Pages using Maryam

Now we are going to use the crawl_pages module to crawl an website (Regex search) for juicy information. To do so we are going to use following command:

crawl_pages -d -r https?://[A-z0-9./]+

In the following screenshot we can see the output. It scans the website for duplicate information.

crawling websites for regex

Final Words

This is how we can install and use Maryam on our Kali Linux system, we learned basic things we can do with OWASP Maryam OSINT Framework. OWASP Maryam is a modular open-source framework based on OSINT and data gathering. It is designed to provide a robust environment to harvest data from open sources and search engines quickly and thoroughly.

It has a lots of advanced features like we can set proxy, agents and timeout. For more information we can check the official page.

Love our articles? Make sure to follow us on Twitter and GitHub, we post article updates there. To join our KaliLinuxIn family, join our Telegram Group. We are trying to build a community for Linux and Cybersecurity. For anything we always happy to help everyone on the comment section. As we know our comment section is always open to everyone. We read each and every comment and we always reply.

Kali Linux


No comments
Post a Comment