Overview
Maryam is a powerful, modular open-source intelligence (OSINT) framework designed for security researchers and penetration testers conducting thorough reconnaissance. It automates data gathering from multiple sources, correlates findings across domains, emails, social media, and threat intelligence feeds. Maryam provides comprehensive analysis capabilities, result visualization, and integration with external tools. Essential for target profiling, vulnerability discovery, and threat landscape assessment.
Installation
Linux (Debian/Ubuntu)
# Install Python 3.6+ first
sudo apt-get update
sudo apt-get install python3 python3-pip git
# Clone repository
git clone https://github.com/saeeddhqan/maryam.git
cd maryam
# Install dependencies
pip3 install -r requirements.txt
# Verify installation
python3 maryam.py --version
Linux (RHEL/CentOS/Fedora)
sudo yum install python3 python3-pip git
git clone https://github.com/saeeddhqan/maryam.git
cd maryam
pip3 install -r requirements.txt
python3 maryam.py --help
macOS
# Install via Homebrew
brew install python3 git
# Clone and setup
git clone https://github.com/saeeddhqan/maryam.git
cd maryam
pip3 install -r requirements.txt
python3 maryam.py --version
Docker
# Pull official image
docker pull saeeddhqan/maryam:latest
# Run container
docker run -it saeeddhqan/maryam maryam.py --help
# Interactive session
docker run -it -v ~/maryam_output:/home/maryam saeeddhqan/maryam
Command Structure
Basic Usage
python3 maryam.py [module] [options]
# Interactive mode
python3 maryam.py -i
# Show available modules
python3 maryam.py --list
# Search using specific module
python3 maryam.py search [module] [query]
Core Modules
Domain Intelligence
| Module | Purpose |
|---|
osint | Comprehensive domain reconnaissance |
domain | Domain analysis and whois lookup |
dns | DNS enumeration and resolution |
cert | SSL certificate analysis |
web | Web technology fingerprinting |
archive | Wayback Machine historical data |
Email Investigation
| Module | Purpose |
|---|
email | Email enumeration and validation |
breach | Data breach correlation |
similar | Find similar email addresses |
verify | Email address verification |
| Module | Purpose |
|---|
person | People search and profiling |
twitter | Twitter account analysis |
github | GitHub user enumeration |
instagram | Instagram profile investigation |
linkedin | LinkedIn profile data |
IP and Network
| Module | Purpose |
|---|
ip | IP geolocation and reputation |
port | Port scanning and service detection |
shodan | Shodan device enumeration |
asn | ASN and network block analysis |
Basic Domain Investigation
Quick Domain Overview
# Full domain reconnaissance
python3 maryam.py osint -d target.com
# Output structure:
# - WHOIS information
# - DNS records
# - SSL certificate data
# - Subdomains (if found)
# - Technology stack
# - Related domains
DNS Enumeration
# Standard DNS lookup
python3 maryam.py dns -d target.com
# Result includes:
# - A records (IPv4 addresses)
# - MX records (mail servers)
# - TXT records (domain verification)
# - NS records (nameservers)
# - CNAME records (aliases)
# - SPF, DKIM, DMARC (email security)
SSL Certificate Analysis
# Analyze SSL certificates
python3 maryam.py cert -d target.com
# Provides:
# - Certificate validity
# - Subject Alternative Names (SANs)
# - Issuer information
# - Certificate chain
# - Expiration dates
# - Notable domains
Subdomain Discovery
# Enumerate subdomains
python3 maryam.py osint -d target.com -s
# Multi-source subdomain discovery
python3 maryam.py search sublist3r -d target.com
# Results organized by:
# - Confirmed subdomains
# - IP addresses
# - Technology stack
Email Investigation
Email Enumeration
# Find emails for domain
python3 maryam.py email -d target.com
# Discovers emails from multiple sources:
# - Hunter.io API results
# - Public records
# - Breached databases
# - Corporate websites
# Results include:
# - Complete email addresses
# - Associated names
# - Job titles
# - Departments
Email Validation and Verification
# Verify email existence
python3 maryam.py verify -e target@example.com
# Check multiple emails from file
python3 maryam.py verify -f email_list.txt
# Output indicates:
# - Valid/Invalid status
# - Bounce indicators
# - Catch-all domains
# - Mailbox active status
Data Breach Investigation
# Check if email in known breaches
python3 maryam.py breach -e target@example.com
# Check multiple addresses
for email in $(cat emails.txt); do
python3 maryam.py breach -e "$email"
done
# Returns:
# - Breach names
# - Breach dates
# - Compromised data types
Similar Email Discovery
# Find related email addresses
python3 maryam.py similar -e target@example.com
# Generates variations:
# - Different TLDs
# - Name variations
# - Common misspellings
# - Typosquatter domains
# Analyze Twitter account
python3 maryam.py twitter -u target_username
# Extracted information:
# - Account creation date
# - Follower/following counts
# - Bio and location
# - Recent tweets
# - Linked accounts
GitHub User Enumeration
# Investigate GitHub user
python3 maryam.py github -u target_username
# Intelligence gathered:
# - Public repositories
# - Code snippets and patterns
# - Collaboration patterns
# - Contact information
# - Technology proficiency
Person Search
# Find person information
python3 maryam.py person -n "John Doe"
# Multi-source person profiling:
# - Social media profiles
# - Public records
# - Email addresses
# - Phone numbers
# - Location history
LinkedIn Reconnaissance
# Search LinkedIn (public data)
python3 maryam.py search linkedin -q "company OR person"
# Intelligence on:
# - Employee counts
# - Company structure
# - Job titles and roles
# - Career progression
IP and Network Analysis
IP Geolocation and Reputation
# Analyze IP address
python3 maryam.py ip -i 192.0.2.1
# Information provided:
# - Geographic location
# - ISP and network provider
# - Threat reputation
# - Known vulnerabilities
# - Autonomous System (AS) info
Port and Service Detection
# Scan target ports
python3 maryam.py port -i target.com -p 80,443,22,3306
# Provides:
# - Open/closed status
# - Service identification
# - Version detection
# - Known vulnerabilities
Shodan Device Enumeration
# Search Shodan database
python3 maryam.py shodan -q "product:Apache"
# Find devices running:
python3 maryam.py shodan -q "org:Target Company"
# Results include:
# - Device IP addresses
# - Geographic distribution
# - Service versions
# - Vulnerabilities
Advanced Reconnaissance Workflows
Comprehensive Organization Profiling
# Stage 1: Domain analysis
python3 maryam.py osint -d company.com
# Stage 2: Email enumeration
python3 maryam.py email -d company.com
# Stage 3: Verify emails
for email in $(cat emails.txt); do
python3 maryam.py verify -e "$email"
done
# Stage 4: Employee social profiling
python3 maryam.py search linkedin -q "company:Company Name"
# Stage 5: Technology stack analysis
python3 maryam.py web -d company.com
Threat Intelligence Gathering
# IP reputation check
python3 maryam.py ip -i suspicious.ip.address
# Domain threat analysis
python3 maryam.py osint -d suspicious-domain.com
# Email breach correlation
python3 maryam.py breach -e admin@suspicious-domain.com
# Combine findings for threat profile
Competitive Intelligence
# Discover company infrastructure
python3 maryam.py osint -d competitor.com
# Find subdomains and technologies
python3 maryam.py cert -d competitor.com
# Identify employees (from email enumeration)
python3 maryam.py email -d competitor.com
# Analyze technology stack
python3 maryam.py web -d competitor.com
# Create competitive intelligence report
Batch Processing and Automation
Process Multiple Domains
# Create target list
cat > targets.txt << EOF
example1.com
example2.com
example3.com
EOF
# Batch reconnaissance
for domain in $(cat targets.txt); do
echo "=== Processing $domain ==="
python3 maryam.py osint -d "$domain" > results_$domain.txt
python3 maryam.py email -d "$domain" >> results_$domain.txt
done
Automated Email Enumeration
# Enumerate emails for multiple domains
for domain in company1.com company2.com company3.com; do
python3 maryam.py email -d "$domain" > emails_$domain.txt
done
# Consolidate results
cat emails_*.txt > all_emails.txt
# Remove duplicates
sort -u all_emails.txt > unique_emails.txt
# Verify all emails
python3 maryam.py verify -f unique_emails.txt > verification_results.txt
Breach Data Cross-Reference
# Create email list from enumeration
python3 maryam.py email -d target.com > target_emails.txt
# Check all emails against breaches
while read email; do
status=$(python3 maryam.py breach -e "$email" | grep -o "Found\|Not Found")
echo "$email: $status" >> breach_status.txt
done < target_emails.txt
# Summarize findings
grep "Found" breach_status.txt | wc -l
Export Results
# Export to JSON (machine-readable)
python3 maryam.py osint -d target.com --json > results.json
# Export to CSV for spreadsheet analysis
python3 maryam.py osint -d target.com --csv > results.csv
# Standard text output for reporting
python3 maryam.py osint -d target.com > investigation_report.txt
Generate Investigation Report
# Comprehensive report creation
{
echo "=== OSINT Investigation Report ==="
echo "Date: $(date)"
echo "Target: target.com"
echo ""
echo "=== Domain Analysis ==="
python3 maryam.py osint -d target.com
echo ""
echo "=== Email Enumeration ==="
python3 maryam.py email -d target.com
echo ""
echo "=== Certificate Analysis ==="
python3 maryam.py cert -d target.com
} > comprehensive_report.txt
Configuration and Customization
API Key Management
# Edit configuration file
nano ~/.maryam/config.py
# Configure API keys for:
# - Hunter.io (email enumeration)
# - Shodan (device search)
# - VirusTotal (threat intelligence)
# - Censys (certificate data)
# - Custom API integrations
Module-Specific Configuration
# List available modules
python3 maryam.py --list
# Show module options
python3 maryam.py search [module] --help
# Execute with custom parameters
python3 maryam.py osint -d target.com --deep
# Export subdomains for Nessus scanning
python3 maryam.py osint -d target.com | grep "subdomain" > subs.txt
# Use emails with Spraying tools
python3 maryam.py email -d target.com > wordlist.txt
# IP data for threat intelligence
python3 maryam.py ip -i 192.0.2.1 | tee ip_report.txt | grep "threat"
Pipeline Integration
# Multi-stage reconnaissance pipeline
python3 maryam.py osint -d target.com | \
grep "subdomain" | \
cut -d' ' -f2 | \
while read sub; do
python3 maryam.py ip -i "$sub"
done
Large-Scale Investigations
# Process with rate limiting (avoid detection/blocks)
python3 maryam.py osint -d target.com --delay 2
# Parallel processing for multiple domains
cat targets.txt | xargs -P 3 -I {} \
python3 maryam.py osint -d {} > results_{}.txt
# Monitor system resources
watch -n 5 'ps aux | grep maryam'
Network Optimization
# Use proxy for anonymity
python3 maryam.py osint -d target.com --proxy http://proxy:8080
# Retry failed requests
python3 maryam.py osint -d target.com --retry 3
# Timeout configuration
python3 maryam.py osint -d target.com --timeout 30
Security and OPSEC
Operational Security
Best practices:
1. Use VPN/proxy for all queries
2. Rate limit queries to avoid detection
3. Use API keys carefully (don't hardcode)
4. Rotate IP addresses if possible
5. Vary user agents and headers
6. Space out requests over time
7. Review results for exposure
Legal and Ethical Considerations
Authorized use only:
✓ Authorized penetration testing
✓ Legitimate threat intelligence
✓ Public OSINT for research
Legal concerns:
✗ Unauthorized access attempts
✗ Privacy violations
✗ Data collection violations
✗ Circumventing detection systems
✗ Scraping against ToS
Troubleshooting
Common Issues and Solutions
| Issue | Solution |
|---|
| ”Module not found” | Run pip3 install -r requirements.txt again |
| ”API limit exceeded” | Upgrade API tier or add API keys for alternatives |
| ”Connection timeout” | Check network; use proxy; increase timeout |
| ”No results found” | Verify input format; try different modules |
| ”Permission denied” | Run with python3 if not in PATH |
Verifying Installation
# Check Python version (3.6+ required)
python3 --version
# List available modules
python3 maryam.py --list
# Test basic functionality
python3 maryam.py osint -d example.com
# Verify API connectivity
python3 maryam.py search hunter -q test
Advanced Scenarios
Vulnerability Research
Find outdated software versions across organization:
1. Enumerate subdomains
2. Detect technologies with fingerprinting
3. Check versions against CVE databases
4. Report vulnerabilities by prevalence
Supply Chain Analysis
Map vendor and partner ecosystem:
1. Find organization websites
2. Enumerate business partners from data
3. Analyze partner infrastructure
4. Identify cross-company vulnerabilities
5. Create supply chain risk map
Incident Response
Rapid breach investigation:
1. Email enumeration for affected organization
2. Check breach databases immediately
3. Analyze IP reputation of attackers
4. Timeline construction from WHOIS data
5. Identify similar attack patterns
See Also
- TheHarvester: Email and subdomain enumeration
- Shodan: Internet search engine
- Hunter.io: Email discovery API
- Censys: Internet intelligence
- SpiderFoot: OSINT automation
- Recon-ng: Web reconnaissance
- OSINT Framework: Comprehensive OSINT guide
