Hey Folks, in this tutorial we are going to talk about an interesting tool called “Maryam“. Maryam is an Open-source intelligence(OSINT) and Web-based Footprinting optional/modular framework based on the Recon-ng core and written in Python. If you have skill in Metasploit or Recon-ng, you can easily use it without prerequisites and if not, then you can read the full article till the bottom.
Let’s take a look 🙂 !!
To fully configure it you have to follow the same steps that we did. So first we will download this tool using git command from gitub, after downloading we will go to the directory and execute the “pip” command to install all dependencies.
git clone https://github.com/saeeddhqan/Maryam.git
pip install -r requirements.txt
Done 🙂 !! How we have set up this tool easily. Now we can use this tool by using the following command.
It is very easy to see all the available modules in this tool because all you have to do is execute the following command.
Anonymous Email Grabbing – OSINT
Suppose if you want to grab some email addresses and it does not depend who they are, you can use this option. Just you need to enter the module name and it will give you all usage details.
See below, in which the “-q” argument is queries and the “-e” argument is being used for search engine purposes. Just entered the details as per need and execute the command.
email_search -q gmail.com -e bing,google,yahoo --output
Great 🙂 !! As you can see it has dumped all available and unknown email addresses which you can use as per your choice.
Social Nets – OSINT
This is another module related to OSINT and is used to derive a description of the target’s social media handlers. Just execute the following command to get usage of this module.
Hmm 🙂 !! As you can see when we enter the following command it gives details about the target on which social platform it is available. Similarly you can use all the modules available in OSINT.
social_nets -n secnhack.in -e google,yahoo,bing
Crawl Pages – Footpriniting
Now we will adopt a footprint module of this tool. The following module has been given to crawl the entire web pages of live website. You can see the usage guide by using the following command.
BOOM 🙂 !! It has successfully crawled all web pages from the live website which may contain some sensitive files or the location of the web server.
crawl_pages -d secnhack.in -r "https?://[A-z0-9./]+" --output
Getting Profiles From LinkedIn – Search
These can be very useful features for everyone as we often keep trying to find people’s profiles on LinkedIn one by one, but through this feature we can grab profiles of multiple people at the same time.
Nice 🙂 !! The results are very impressive and as you can see it has scrapped all the listed LinkedIn profiles associated with this specific name on google, bing, etc.
linkedin -q shubhamgoyaloscp -e google,bing,yahoo
Read More …..
Getting Profiles From Twitter – Search
Likewise, we try to dump twitter profiles associated with this specific name listed on google, bing etc. Execute the following command to check the usage guide of this module.
Great 🙂 !! As you can see that again it has been scrapped all the twitter profiles associated with this given name.
twitter -q shubham -e bing,google
Similarly, you can use all the modules of this tool one by one and improve your information gathering skills.
A keen learner and passionate IT student. He has done Web designing, CCNA, RedHat, Ethical hacking, Network & web penetration testing. Currently, he is completing his graduation and learning about Red teaming, CTF challenges & Blue teaming.