SIMPLE TO USE OSINT (OPEN SOURCE INVESTIGATION) FRAMEWORK – MARYAM

INTRODUCTION
The Maryam framework is an OSINT (open source investigation) tool. It is mostly used in web application penetration testing to gather reconnaissance information about the web application. Maryam is built in the Python programming language. It is easy to understand, and every penetration tester can use it to collect the best information about a target.

ENVIRONMENT
OS: Kali Linux 2019.3 64 bit
Kernel version: 5.2.0

INSTALLATION STEPS
Use this command to clone the tool: git clone https://github.com/saeeddhqan/Maryam

    root@kali:/home/iicybersecurity# git clone https://github.com/saeeddhqan/Maryam
    Cloning into 'Maryam'...
    remote: Enumerating objects: 188, done.
    remote: Counting objects: 100% (188/188), done.
    remote: Compressing objects: 100% (119/119), done.
    remote: Total 263 (delta 100), reused 115 (delta 64), pack-reused 75
    Receiving objects: 100% (263/263), 261.68 KiB | 492.00 KiB/s, done.
    Resolving deltas: 100% (126/126), done.

Use the cd command to enter the Maryam directory.

    root@kali:/home/iicybersecurity# cd Maryam/
    root@kali:/home/iicybersecurity/Maryam#

TOOL EXECUTION
Use the command ./Maryam to launch the tool.
Use the help command to view all the help options in the tool.
Next, use the show modules command to view all the modules in the tool.

In this tool, we have two types of modules:
o Footprint
o OSINT

When we use the above command, we see the modules and their sub-classifications.
FINGERPRINT MODULE
The Fingerprint module is used to collect information about any domain.

CRAWL PAGES MODULE
This module is used to crawl details about a particular website. The results show all the URLs for the domain, along with emails and social network details.

Commands to set the module and execute
o Use this command to set the module: use footprint/crawl_pages
o Enter show options to view the requirements for executing the module.
o Use set <option name> to change any option in the module.
o Use the run command to execute the module.
Commands to execute the module
o Use this command to set the module: use footprint/Wapps
o Enter show options to view the requirements for executing the module.
o Use set <option name> to change any option in the module.
o Use the run command to execute the module.
o If a website is built on a specific framework, static analysis of the code can be used to find issues in the web application, as commented by an ethical hacking researcher of the International Institute of Cyber Security.

FBRUTE MODULE
The Fbrute module checks in all types of modes, such as General, PHPINFO file, log files, Apache status, and admin panel.

Commands to set the module and execute
o Use this command to set the module: use footprint/fbrute
o Enter show options to view the requirements for executing the module.
o Use set <option name> to change any option in the module.
o Use the run command to execute the module.
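From the side of the site being tested, the checks the Fbrute module makes (PHPINFO file, log files, Apache status, admin panel) show up in the web server's access log. The following is an added example, not code from Maryam or from the original slides: it flags clients that request several of those file categories and lists any probed path the server answered with 200. The path patterns, the threshold and the log lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed access-log lines (common log format, documentation IP ranges).
SAMPLE_LOG = """\
203.0.113.7 - - [10/Oct/2019:13:55:01 +0000] "GET /phpinfo.php HTTP/1.1" 404 209
203.0.113.7 - - [10/Oct/2019:13:55:01 +0000] "GET /server-status HTTP/1.1" 403 199
203.0.113.7 - - [10/Oct/2019:13:55:02 +0000] "GET /error.log HTTP/1.1" 404 209
203.0.113.7 - - [10/Oct/2019:13:55:02 +0000] "GET /admin/ HTTP/1.1" 200 5120
198.51.100.20 - - [10/Oct/2019:13:56:10 +0000] "GET /index.html HTTP/1.1" 200 1043
198.51.100.20 - - [10/Oct/2019:13:56:40 +0000] "GET /admin/ HTTP/1.1" 302 0
"""

# Assumed patterns for the kinds of file the page lists; not Maryam's own wordlist.
CATEGORIES = {
    "phpinfo": re.compile(r"phpinfo|/info\.php$", re.I),
    "log_file": re.compile(r"\.log$", re.I),
    "apache_status": re.compile(r"^/server-(status|info)$", re.I),
    "admin_panel": re.compile(r"^/(admin|administrator|wp-admin)(/|$)", re.I),
}
LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|HEAD) (\S+) [^"]*" (\d{3}) ')

def classify(path):
    """Map a request path to one of the sensitive-file categories, or None."""
    path = path.split("?", 1)[0]
    for name, pattern in CATEGORIES.items():
        if pattern.search(path):
            return name
    return None

def find_probers(log_text, min_categories=3):
    """Return (probers, exposed): clients that touched at least min_categories
    kinds of sensitive file, and the probed paths the server answered with 200."""
    seen, exposed = defaultdict(set), set()
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        ip, path, status = m.group(1), m.group(2), int(m.group(3))
        category = classify(path)
        if category:
            seen[ip].add(category)
            if status == 200:
                exposed.add((path, category))
    probers = {ip: sorted(c) for ip, c in seen.items() if len(c) >= min_categories}
    return probers, sorted(exposed)
```

The `exposed` list is the part to act on first: each entry is a sensitive path that was actually served and should be removed or put behind authentication.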
Now, let's open any URL in the browser and check whether we can find any data.

OSINT MODULE
OSINT is also called open-source investigation. It is used to collect details that are publicly available on the internet.

CRAWLER MODULE
The crawler module is used to collect the URLs of the domain.

Commands to execute the module
o Use this command to set the module: use osint/crawler
o Enter show options to view the requirements for executing the module.
o Use set <option name> to change any option in the module.
o Use the run command to execute the module.
EMAIL MODULE
This module collects the list of email addresses of a domain.

Commands to execute the module
o Use this command to set the module: use osint/email_search
o Enter show options to view the requirements for executing the module.
o Use set <option name> to change any option in the module.
o Use the run command to execute the module.

These email addresses can further be used for social engineering attacks.

SOCIAL NETS
The social nets module is used to collect URLs about a domain in social media applications.

Commands to execute the module
o Use this command to set the module: use osint/social_nets
o Enter show options to view the requirements for executing the module.
o Use set <option name> to change any option in the module.
o Use the run command to execute the module.
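The crawl pages, email and social nets modules above all report what a site already publishes: links, email addresses and social network URLs. The following is an added example, not code from Maryam or from the original slides: it audits a page you own for the same three kinds of data, so the exposed addresses can be reviewed before a tester or anyone else collects them. The social-network host list and the sample HTML are assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse, unquote

# Assumed list of social-network hosts; adjust for your organisation.
SOCIAL_HOSTS = {"twitter.com", "facebook.com", "linkedin.com", "instagram.com"}
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")

# Constructed sample page (example.com is a reserved documentation domain).
SAMPLE_HTML = """
<p>Contact ops@example.com or <a href="mailto:Jane.Doe@example.com?subject=hi">Jane</a>.</p>
<a href="https://www.twitter.com/example_corp">Twitter</a>
<a href="https://linkedin.com/company/example-corp">LinkedIn</a>
<a href="/about">About</a>
<!-- old contact: legacy-admin@example.com -->
"""

class ExposureAudit(HTMLParser):
    """Collects what a crawler would see: emails, social profiles, other links."""
    def __init__(self):
        super().__init__()
        self.emails, self.social, self.links = set(), set(), set()

    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href") if tag == "a" else None
        if not href:
            return
        if href.lower().startswith("mailto:"):
            # Strip the scheme and any ?subject=... query, then decode %xx.
            self.handle_data(unquote(href[7:].split("?", 1)[0]))
            return
        host = (urlparse(href).hostname or "").lower()
        host = host[4:] if host.startswith("www.") else host
        (self.social if host in SOCIAL_HOSTS else self.links).add(href)

    def handle_data(self, data):
        self.emails.update(e.lower() for e in EMAIL_RE.findall(data))

    # Addresses left in HTML comments are just as visible to a crawler.
    handle_comment = handle_data

def audit(html):
    """Return sorted emails, social-profile URLs and other links found in html."""
    parser = ExposureAudit()
    parser.feed(html)
    parser.close()
    return {k: sorted(getattr(parser, k)) for k in ("emails", "social", "links")}
```

On the sample page, `audit(SAMPLE_HTML)` also reports the address left in an HTML comment, a common source of forgotten mailboxes.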
CONCLUSION
This is a good tool for collecting information about any web application. Most penetration testers can use it for the first phase of pentesting.
Contact
https://www.securitynewspaper.com/
MEXICO: 538, Homero #303, Chapultepec Morales, Mexico D.F (Distrito Federal) 11570
INDIA: Fifth Floor, HB Twin Tower, Netaji Subhash Place, Delhi NCR, 110034