Maryam is a powerful, modular open-source intelligence (OSINT) framework designed for security researchers and penetration testers conducting thorough reconnaissance. It automates data gathering from multiple sources, correlates findings across domains, emails, social media, and threat intelligence feeds. Maryam provides comprehensive analysis capabilities, result visualization, and integration with external tools. Essential for target profiling, vulnerability discovery, and threat landscape assessment.
# Install Python 3.6+ first
sudo apt-get update
sudo apt-get install python3 python3-pip git
# Clone repository
git clone https://github.com/saeeddhqan/maryam.git
cd maryam
# Install dependencies
pip3 install -r requirements.txt
# Verify installation
python3 maryam.py --version
sudo yum install python3 python3-pip git
git clone https://github.com/saeeddhqan/maryam.git
cd maryam
pip3 install -r requirements.txt
python3 maryam.py --help
# Install via Homebrew
brew install python3 git
# Clone and setup
git clone https://github.com/saeeddhqan/maryam.git
cd maryam
pip3 install -r requirements.txt
python3 maryam.py --version
# Pull official image
docker pull saeeddhqan/maryam:latest
# Run container
docker run -it saeeddhqan/maryam maryam.py --help
# Interactive session
docker run -it -v ~/maryam_output:/home/maryam saeeddhqan/maryam
python3 maryam.py [module] [options]
# Interactive mode
python3 maryam.py -i
# Show available modules
python3 maryam.py --list
# Search using specific module
python3 maryam.py search [module] [query]
| Module | Purpose |
|---|
osint | Comprehensive domain reconnaissance |
domain | Domain analysis and whois lookup |
dns | DNS enumeration and resolution |
cert | SSL certificate analysis |
web | Web technology fingerprinting |
archive | Wayback Machine historical data |
| Module | Purpose |
|---|
email | Email enumeration and validation |
breach | Data breach correlation |
similar | Find similar email addresses |
verify | Email address verification |
| Module | Purpose |
|---|
person | People search and profiling |
twitter | Twitter account analysis |
github | GitHub user enumeration |
instagram | Instagram profile investigation |
linkedin | LinkedIn profile data |
| Module | Purpose |
|---|
ip | IP geolocation and reputation |
port | Port scanning and service detection |
shodan | Shodan device enumeration |
asn | ASN and network block analysis |
# Full domain reconnaissance
python3 maryam.py osint -d target.com
# Output structure:
# - WHOIS information
# - DNS records
# - SSL certificate data
# - Subdomains (if found)
# - Technology stack
# - Related domains
# Standard DNS lookup
python3 maryam.py dns -d target.com
# Result includes:
# - A records (IPv4 addresses)
# - MX records (mail servers)
# - TXT records (domain verification)
# - NS records (nameservers)
# - CNAME records (aliases)
# - SPF, DKIM, DMARC (email security)
# Analyze SSL certificates
python3 maryam.py cert -d target.com
# Provides:
# - Certificate validity
# - Subject Alternative Names (SANs)
# - Issuer information
# - Certificate chain
# - Expiration dates
# - Notable domains
# Enumerate subdomains
python3 maryam.py osint -d target.com -s
# Multi-source subdomain discovery
python3 maryam.py search sublist3r -d target.com
# Results organized by:
# - Confirmed subdomains
# - IP addresses
# - Technology stack
# Find emails for domain
python3 maryam.py email -d target.com
# Discovers emails from multiple sources:
# - Hunter.io API results
# - Public records
# - Breached databases
# - Corporate websites
# Results include:
# - Complete email addresses
# - Associated names
# - Job titles
# - Departments
# Verify email existence
python3 maryam.py verify -e target@example.com
# Check multiple emails from file
python3 maryam.py verify -f email_list.txt
# Output indicates:
# - Valid/Invalid status
# - Bounce indicators
# - Catch-all domains
# - Mailbox active status
# Check if email in known breaches
python3 maryam.py breach -e target@example.com
# Check multiple addresses
for email in $(cat emails.txt); do
python3 maryam.py breach -e "$email"
done
# Returns:
# - Breach names
# - Breach dates
# - Compromised data types
# Find related email addresses
python3 maryam.py similar -e target@example.com
# Generates variations:
# - Different TLDs
# - Name variations
# - Common misspellings
# - Typosquatter domains
# Analyze Twitter account
python3 maryam.py twitter -u target_username
# Extracted information:
# - Account creation date
# - Follower/following counts
# - Bio and location
# - Recent tweets
# - Linked accounts
# Investigate GitHub user
python3 maryam.py github -u target_username
# Intelligence gathered:
# - Public repositories
# - Code snippets and patterns
# - Collaboration patterns
# - Contact information
# - Technology proficiency
# Find person information
python3 maryam.py person -n "John Doe"
# Multi-source person profiling:
# - Social media profiles
# - Public records
# - Email addresses
# - Phone numbers
# - Location history
# Search LinkedIn (public data)
python3 maryam.py search linkedin -q "company OR person"
# Intelligence on:
# - Employee counts
# - Company structure
# - Job titles and roles
# - Career progression
# Analyze IP address
python3 maryam.py ip -i 192.0.2.1
# Information provided:
# - Geographic location
# - ISP and network provider
# - Threat reputation
# - Known vulnerabilities
# - Autonomous System (AS) info
# Scan target ports
python3 maryam.py port -i target.com -p 80,443,22,3306
# Provides:
# - Open/closed status
# - Service identification
# - Version detection
# - Known vulnerabilities
# Search Shodan database
python3 maryam.py shodan -q "product:Apache"
# Find devices running:
python3 maryam.py shodan -q "org:Target Company"
# Results include:
# - Device IP addresses
# - Geographic distribution
# - Service versions
# - Vulnerabilities
# Stage 1: Domain analysis
python3 maryam.py osint -d company.com
# Stage 2: Email enumeration
python3 maryam.py email -d company.com
# Stage 3: Verify emails
for email in $(cat emails.txt); do
python3 maryam.py verify -e "$email"
done
# Stage 4: Employee social profiling
python3 maryam.py search linkedin -q "company:Company Name"
# Stage 5: Technology stack analysis
python3 maryam.py web -d company.com
# IP reputation check
python3 maryam.py ip -i suspicious.ip.address
# Domain threat analysis
python3 maryam.py osint -d suspicious-domain.com
# Email breach correlation
python3 maryam.py breach -e admin@suspicious-domain.com
# Combine findings for threat profile
# Discover company infrastructure
python3 maryam.py osint -d competitor.com
# Find subdomains and technologies
python3 maryam.py cert -d competitor.com
# Identify employees (from email enumeration)
python3 maryam.py email -d competitor.com
# Analyze technology stack
python3 maryam.py web -d competitor.com
# Create competitive intelligence report
# Create target list
cat > targets.txt << EOF
example1.com
example2.com
example3.com
EOF
# Batch reconnaissance
for domain in $(cat targets.txt); do
echo "=== Processing $domain ==="
python3 maryam.py osint -d "$domain" > results_$domain.txt
python3 maryam.py email -d "$domain" >> results_$domain.txt
done
# Enumerate emails for multiple domains
for domain in company1.com company2.com company3.com; do
python3 maryam.py email -d "$domain" > emails_$domain.txt
done
# Consolidate results
cat emails_*.txt > all_emails.txt
# Remove duplicates
sort -u all_emails.txt > unique_emails.txt
# Verify all emails
python3 maryam.py verify -f unique_emails.txt > verification_results.txt
# Create email list from enumeration
python3 maryam.py email -d target.com > target_emails.txt
# Check all emails against breaches
while read email; do
status=$(python3 maryam.py breach -e "$email" | grep -o "Found\|Not Found")
echo "$email: $status" >> breach_status.txt
done < target_emails.txt
# Summarize findings
grep "Found" breach_status.txt | wc -l
# Export to JSON (machine-readable)
python3 maryam.py osint -d target.com --json > results.json
# Export to CSV for spreadsheet analysis
python3 maryam.py osint -d target.com --csv > results.csv
# Standard text output for reporting
python3 maryam.py osint -d target.com > investigation_report.txt
# Comprehensive report creation
{
echo "=== OSINT Investigation Report ==="
echo "Date: $(date)"
echo "Target: target.com"
echo ""
echo "=== Domain Analysis ==="
python3 maryam.py osint -d target.com
echo ""
echo "=== Email Enumeration ==="
python3 maryam.py email -d target.com
echo ""
echo "=== Certificate Analysis ==="
python3 maryam.py cert -d target.com
} > comprehensive_report.txt
# Edit configuration file
nano ~/.maryam/config.py
# Configure API keys for:
# - Hunter.io (email enumeration)
# - Shodan (device search)
# - VirusTotal (threat intelligence)
# - Censys (certificate data)
# - Custom API integrations
# List available modules
python3 maryam.py --list
# Show module options
python3 maryam.py search [module] --help
# Execute with custom parameters
python3 maryam.py osint -d target.com --deep
# Export subdomains for Nessus scanning
python3 maryam.py osint -d target.com | grep "subdomain" > subs.txt
# Use emails with Spraying tools
python3 maryam.py email -d target.com > wordlist.txt
# IP data for threat intelligence
python3 maryam.py ip -i 192.0.2.1 | tee ip_report.txt | grep "threat"
# Multi-stage reconnaissance pipeline
python3 maryam.py osint -d target.com | \
grep "subdomain" | \
cut -d' ' -f2 | \
while read sub; do
python3 maryam.py ip -i "$sub"
done
# Process with rate limiting (avoid detection/blocks)
python3 maryam.py osint -d target.com --delay 2
# Parallel processing for multiple domains
cat targets.txt | xargs -P 3 -I {} \
python3 maryam.py osint -d {} > results_{}.txt
# Monitor system resources
watch -n 5 'ps aux | grep maryam'
# Use proxy for anonymity
python3 maryam.py osint -d target.com --proxy http://proxy:8080
# Retry failed requests
python3 maryam.py osint -d target.com --retry 3
# Timeout configuration
python3 maryam.py osint -d target.com --timeout 30
Best practices:
1. Use VPN/proxy for all queries
2. Rate limit queries to avoid detection
3. Use API keys carefully (don't hardcode)
4. Rotate IP addresses if possible
5. Vary user agents and headers
6. Space out requests over time
7. Review results for exposure
Authorized use only:
✓ Authorized penetration testing
✓ Legitimate threat intelligence
✓ Public OSINT for research
Legal concerns:
✗ Unauthorized access attempts
✗ Privacy violations
✗ Data collection violations
✗ Circumventing detection systems
✗ Scraping against ToS
| Issue | Solution |
|---|
| ”Module not found” | Run pip3 install -r requirements.txt again |
| ”API limit exceeded” | Upgrade API tier or add API keys for alternatives |
| ”Connection timeout” | Check network; use proxy; increase timeout |
| ”No results found” | Verify input format; try different modules |
| ”Permission denied” | Run with python3 if not in PATH |
# Check Python version (3.6+ required)
python3 --version
# List available modules
python3 maryam.py --list
# Test basic functionality
python3 maryam.py osint -d example.com
# Verify API connectivity
python3 maryam.py search hunter -q test
Find outdated software versions across organization:
1. Enumerate subdomains
2. Detect technologies with fingerprinting
3. Check versions against CVE databases
4. Report vulnerabilities by prevalence
Map vendor and partner ecosystem:
1. Find organization websites
2. Enumerate business partners from data
3. Analyze partner infrastructure
4. Identify cross-company vulnerabilities
5. Create supply chain risk map
Rapid breach investigation:
1. Email enumeration for affected organization
2. Check breach databases immediately
3. Analyze IP reputation of attackers
4. Timeline construction from WHOIS data
5. Identify similar attack patterns
- TheHarvester: Email and subdomain enumeration
- Shodan: Internet search engine
- Hunter.io: Email discovery API
- Censys: Internet intelligence
- SpiderFoot: OSINT automation
- Recon-ng: Web reconnaissance
- OSINT Framework: Comprehensive OSINT guide
