Way back, hack.wtf posted "The Art of Doxing", an article that outlined some beginner and advanced techniques of doxing (or doxxing). Over time, I had revised the content of the article and made it my own guide of very solid techniques, while also grouping everything neatly to lay down a nice set of techniques. Wanna see? Here you go:

http://hack.wtf/doxing/ (this tutorial is loosley based off of this article)

Doxing is a term used for the process of digging up profiles, pictures, addresses, emails and other relevant information from public sources, about an individual when you have very little information to start with, usually just a username or an email address. Another word for doxing is Document Tracing and is also sometimes spelled Doxxing (2 x’s). I use various doxing techniques to find emails and information about people when I need to contact them, about an issue with their website, when they have not provided any means of contacting them through said website.

THIS IS IMPORTANT TO REALIZE! The three main ways of finding information for your dox are:

Social media (finding their profile with just a name, email, or picture)

Government records online (people searching records like whitepages)

Domains (if they own a website, a WHOIS-type lookup gets you some of their information)

So now we will delve into the methods of getting some dox!

Real Name + Address + Email address Combinations into Search Engines or Social media sites (Facebook, Twitter, Instagram, Vine, etc.) We'll start here as this could lead to any of the three ways of finding dox information, as you could get usernames on social media or whitepages records! If you’ve got the real name of the person you are trying to find more information about, and you might have an idea of where he/she/it is located, you can start combining the name and part of the address like so: “john smith us” “john smith florida” “john smith Osceola St” This method also works well with email addresses and usernames, try various combinations of the username, email, name and address to get more and more information about your subject.

Reverse Username Search If the particular information that you’ve got about the person you are trying to dox is a username from a place like reddit, steam or a forum, you could try to copy-paste the username into Google or any other search engine and look for profiles on other websites that are using the same username. It’s highly likely that the person has used the same username on multiple websites, if the person has shared personal details about himself using the same username somewhere else than you should be able to find it pretty easily via “clever Googling”. A quick and dirty way to search for a username on a bunch of popular websites at once is to use a website called "KnowEm" (linked below), it will take the username that you’ve specified and go out and check if it is registered on any of the 500 social networks that it has in it’s database. Searching for the username on Skype may also prove successful and might give you the person’s full name and possibly a picture of the individual.


Reverse Image Search With the recent advances in technology doing a search based on an image has become quite trivial, lets imagine that the person that we want to find more information about is someone on a forum, he has a picture of himself as an avatar. If you are using Google Chrome you can simply right click on this avatar and chose the option “Search Google for this image.”, you will then be taken to a Google search result page where you will find links to other websites where the exact or a very similar image has been used, most of the time people have a single “profile picture” that they use everywhere.

People Searching Find people the way that you know them. People searching sites allow you to find people using the information you know about them. If you have an email address, or know what city they live in, or their social network ID, or only a phone number, you will be able to use this information to find the person you are looking for. A simple Reverse Phone Lookup or Vehicle Identification Number (VIN) search can lead you directly to the person you want to get in touch with. Some popular people searching sites are:

http://www.whitepages.com/ (free and most reliable)




http://www.infobel.com/world/default.aspx (universal phone lookup service for anywhere in the world)

WHOIS Lookup If the person you are trying to dox happens to have a website you could try to do a WHOIS lookup on the domain name by using a service such as who.is or any other website out there that provide you with a WHOIS lookup feature (there are a lot of them). A WHOIS lookup will return various information about the domain owner like their name, email, phone number and address. Sometimes people purchase WHOIS Privacy plans from their domain registrar to mask their names from the WHOIS information, if the person that you are trying to find information on has done this, you will usually see a generic “WHOIS PROTECTION LLC” company name as the domain owner. Doing a WHOIS lookup on a domain will ask the appropriate WHOIS server for the TLD (top-level domain) that the website is using, what that basically means in layman terms is that there are different servers for ever .com, .net and .coffee ending that is currently in use, you may find a list over these servers on the official IANA webpage. Keep in mind that the email specified in the whois lookup result often forwards all the emails it receives to the actual domain owner’s email, do not rely on this to be true though.



Reverse IP Domain Lookup Since we’re talking about domains and websites, I thought I’d throw in a little advanced tips that could be very useful if your target has a website, It’s a trick called Reverse IP Domain Lookup, it is the process of using a search engine to look for websites that are hosted on the same IP address as the website of the individual you are trying to find information about. Example: John Smith has a kitten-hating website called KittenSlaughter.com, you are extremely against this website and want to find out what horrible person is running it, but John has purchased domain privacy and the WHOIS information for the KittenSlaughter.com domain is not useful to you. What you could do then is to go to a Reverse IP Domain lookup site (list below) and type in the IP address of the KittenSlaughter.com domain (Open CMD and write ping kittenslaughter.com then copy the IP address). You will then get a list of websites that are hosted on the same IP, now, bear in mind that there is no guarantee that any of the websites that are hosted on the same website actually belongs to John Smith, but with some manual checking and looking through each of the websites you should be able to filter out the irrelevant websites and find likely the ones that likely belong to the kitten hating individual. Here are some good, reliable websites that provide Reverse IP Domain Lookup services, I suggest that you cross-check between all of them:

http://reverseip.domaintools.com/ (paid)

http://www.my-ip-neighbors.com/ (free)

http://www.majesticseo.com/reports/neighbourhood-checker (free)

Closing remarks

Tracing someone down on the internet is not a hard thing to do, it takes a little bit of clever searching and maybe a few hours of cross-checking of information, it wouldnt take an experienced “doxer” more than a few hours to have a complete profile of an individual.

Another useful tool for doxing is "Creepy", which extracts geolocation data out of Twitter and Flickr usernames.

For a template I made for a dox file (also has remnants of previous doxer's fundamentals), visit this Pastey.

EDIT: Annoying formatting issues, also just reminding you that I do not take full credit, as a good amount goes towards the original articles efforts.