
OWASP Maryam is an Open-source intelligence(OSINT) and Web-based Footprinting modular/tool framework based on the Recon-ng and written in Python. If you have skills in Metasploit or Recon-ng, you can easily use it without prerequisites. And if not, please read the Quick Guide.
What can be done
If you want
- Extracts Emails, Docs, Subdomains, Social networks from search engines
- Extracts Links, CSS and JS files, CDN links, Emails, Keywords from Web Source
- Find and Brute force DNS, TLD and important direct
- Crawl Web Pages and search your RegExp
- Identify WebApps, WAF, Interesting and important files
- And get a report with several formats
Install Maryam
git clone https://github.com/saeeddhqan/Maryam.git
cd Maryam
pip install -r requirements
chmod +x maryam
./maryam
Quick Guide
For help options
- write
help
or?
- or write
help <command-name>
for help your command
For show modules
- write
show modules
For use modules
- write
use <module-name>
orload <module-name>
For show set options
- write
show options
For set an option
- write
set <option-name> <value>
- for example
set VERBOSITY 2
For run selected module
- write
run
For add a variable
- write
var <$name> <value>
- for example
var $hunter_key XXXXXXXXXXXXXXXX
- for use, it writes
set HUNTER_KEY $hunter_key
- for show, all of the variables write
var list
command - for delete, a variable write
var delete <var-name>
For get report from modules output
- set 'output' option with True:
set output True
- Or use '--output switch':
wapps -d domain.com --output
- And next, use
report
command:report <format> <file-name-for-output> <module-name>
- For example
report <format> pdf_docs osint/docs_search localhost
For show history commands
- write
history all
For modules search
- write
search <string>
For record commands
- write
record start <file-name>
- for stop it
record stop
For store all outputs
- write
spool start <file-name>
- for stop it
spool stop
For run commands from file
- write
resource <commands-file-name>
For run shell command
- write
shell <command>
or! <command>
or<command>
For reload all modules
- write
reload
For config the connections
- see the options:
show options
- and set the options:
set TIMEOUT 2.5
For use random user-agent
- write
set RAND_AGENT true
Examples
For search a RegExp to the web pages
python maryam
use footprint/crawl_pages
set url example.com
set regex https?://[A-z0-9\._\/\-?=]+
If you want crawl in the more pages:set crawl True
If you want get keywords, emails and ..:set more True
get pdf files from search engine
python maryam
use osint/docs_search
set company EXAMPLE
set type pdf
set limit 5
set count 50
set metacrawler True
run
DNS brute force
./maryam
use osint/dns_search
set dnsbrute True
set wordlist mylist.txt
set host example.com
run
Get links and save data and get json report
./maryam
crawler -d <DOMAIN> --output
report json output_file_name osint/crawler
links
Bugs, requests, or any other issues please contact me
Author

- Hakin9 is a monthly magazine dedicated to hacking and cybersecurity. In every edition, we try to focus on different approaches to show various techniques - defensive and offensive. This knowledge will help you understand how most popular attacks are performed and how to protect your data from them. Our tutorials, case studies and online courses will prepare you for the upcoming, potential threats in the cyber security world. We collaborate with many individuals and universities and public institutions, but also with companies such as Xento Systems, CATO Networks, EY, CIPHER Intelligence LAB, redBorder, TSG, and others.
Latest Articles
Blog2022.12.13What are the Common Security Weaknesses of Cloud Based Networks?
Blog2022.10.12Vulnerability management with Wazuh open source XDR
Blog2022.08.29Deception Technologies: Improving Incident Detection and Response by Alex Vakulov
Blog2022.08.25Exploring the Heightened Importance of Cybersecurity in Mobile App Development by Jeff Kalwerisky