The Complete Doxing Guide || EveryThing Included

 





This complete guide will show you everything you need to know to get started with doxing. I have written several doxes, some of which have been viewed and shared tens of thousands of times. It will serve as a step-by-step guide on creating your own dox on almost anyone. This goes over some tactics I've developed myself so hopefully if you are a seasoned doxer yourself you will still learn somethin


Requirements:

A brain
A computer (with internet)
An IQ over 80

If you are missing one of the above, you can stop reading now.

A few things to keep in mind:
* Not everyone is plausible to dox. I'd say about 90% of people you encounter can be doxed with a reasonable amount of effort, but good opsec can make one *very* difficult to dox effectively (almost never completely impossible though). Lucky for you, it is rare to find people who actually take their Opsec seriously. After all, the billions of people who have accounts on Facebook and Twitter clearly don't. Whether someone is an easy target or not depends in part on luck, such as if they've been exposed in any database breaches.
* Doxing most people can be done in an afternoon, but harder targets could take days or weeks. Doxing is rarely easy and requires patience.
* When composing a thorough dox, write EVERYTHING you find out down. Whether it's a lead (as in an important fact about them that you can use to find out more) or just a random interest of their's. Sometimes even the most unexpected details may end up being useful. Often times, interests or other facts about their life can be used to draw different conclusions about their identity. If you don't find any leads during your attempts, you may need to resort to getting creative with whatever other info you have found on them.

--

This doxing guide is organized by the different stages I usually go through when creating a dox on an individual.

1. Basic recon

To start your dox, we need to first gather basic info. What information did you start with on an individual? If it's a name (such as real name or their username) that can be tied to their online identity, start by looking it up in Google and searching for relevant results. If you don't have any unique information on them, then you've likely hit a dead end. Finding results that are relevant and not unrelated takes some common sense, logic and experience. Your first few doxes may have a lot of inaccurate information, but you will get better as you do more.

If you looked up a username, keep track of every website they have an account on. Skim through their pages and see if you can find any other easy leads. Keep track of every username, email etc that you find of theirs.

This first step of doxing usually starts with making a list of all of the usernames and social media accounts.

2. Unintentionally public information

There's a few places you can find unintentionally public information. If they have a YouTube account, then in the "about" section it might let you view their email associated with it (usually not, but when it does it is often a massive help). If they have Twitter or you find a Gmail or Microsoft (outlook, live, etc) email address of theirs, you can find additional information through the respective password reset forms, such as a censored version of their email or phone number, or what phone they have. Most of this information isn't terribly useful on its own, but can be used to verify or supplement other stuff that you find. Sometimes people have an email address that is the exact same as their username.

Note that the amount of asterisks that twitter places on a censored email corresponds exactly to how many characters it has, although this isn't the case with censored information for Microsoft emails. Sometimes, the phone that someone has can give clues about which region they are in and their lifestyle (i.e, someone with a high standard of living is more likely to have an iPhone rather than an android, and certain phone brands are popular specifically in certain countries). Many other sites may have these kinds of things, but I'm just listing the big ones that I have used myself.

3. Account leaks

This part may cost you some money but the reward could be massive if you succeed. If you find much on the victim, not only will you have all their info but you may be able to start hacking into their accounts as well (theoretically speaking; this is illegal and I don't condone it). Go onto a site that lets you view leaked databases (such as leakedsource.ru) and start entering all the info you have found on the victim. You can see if there is any without paying, but you will need to pay in crypto (worth about $10 for a 1 day subscription) to view the actual database records. Sometimes you can also find the individual database leaks published for free on various random forums. Doing that tends to be time-consuming and opens you up to malware if you aren't careful, so I prefer going through Leakedsource. Info you may find include passwords (which would be good for humiliating the victim since most people use shit passwords) and other additional personal info.

Passwords you may find are either hashes or plaintext. It's surprising how many trash websites store passwords with zero encryption, so if you encounter any of those you should save the passwords for later use. Usually the passwords are hashed though. Sometimes they are salted, and sometimes they aren't. If the hash is salted, don't even bother trying to crack it because you'd be wasting your time. If it isn't salted (which LeakedSource should tell you if it's not) then you may be able to find the plaintext version somewhere. There are(were) sites such as hashes.org for finding the plaintext versions of these, but unfortunately that site is no longer online. There are various ways to do this just from your PC depending on the type of encryption used but this typically requires a lot of time and processing power, and thus isn't feasible for regular people. If anyone knows of any alternatives to hashes.org, please let me know.

4. Public Records

The key part of any dox is having their full name. If you are doxing a public figure, you most likely have this already. If targeting some random kiddo online, obtaining this will probably be the most difficult part of your dox.

Once you have their full name, the floodgates of publicly available information have opened. You can begin scouring public records to find info such as property records, police record, addresses, phone number, etc. Sometimes even social security and other info that isn't supposed to be public. Note that what is saved as public records can vary massively based on jurisdiction. i.e, Arizona is one of the few states where you need to enter a special identifier to view their voting history in the US. Most states simply require name and birthday. Since each state has their own public record systems, I can't provide a single link for you to use. I don't think places outside of the US publish public records quite as religiously, so finding useful info this way for targets elsewhere in the world may be difficult. Services like Whitepages aggregate most of these records, but you will need to pay to view all of them. If this is not an option, you will need to find them yourself with Google.

4. Ultimate scrape

Still not satisfied with the info you have found? There is a last ditch effort I call the ultimate scrape. It will take you a very, very long time compared to other methods here but has the highest success rate. Go through EVERY single one of their social media posts.

Sometimes, using the Wayback machine may prove to be helpful as well, if their page once contained personal information that was removed.

Still haven't found anything? If this is the case you will need to start getting creative to find anything you can. At this point, finding their exact location might be out the window but you can still get a good idea of where they are. If they have posted images of real life in an area receiving natural light, you can usually use this to find their approximate coordinates based on the angle of the shadow (once again, usually not that accurate but it may still help). There has been at least one instance where someone I was investigating posted a picture that they took of the starry night sky. In a similar way, this can be used to figure out their rough location. You may also want to try seeing if any sites they have posted images on have intact EXIF data, although usually they don't. If their pictures have naturally growing plants in them, you may be able to figure out which species they are, which should give you a decent estimate of the target's location.

5. Verification

So you have your dox. It would be kind of useless if it turned out to be entirely wrong, so we need to verify what we can. Assuming you wrote down everything you found like I recommended, it should be pretty easy to tell if it adds up or not. Most people figuratively (and sometimes literally) shit themselves when discovering they've been doxed, so perhaps the easiest but least discrete way to verify it would be to just show your dox to them, i.e by posting part of it (posting it all at once is usually a bad idea) in a chatroom they are in. If they shit and piss and throw a tantrum when discovering their internet anonymity has been shattered, that's a good sign. If they deny its accuracy without much reaction, this is a bad sign. Of course, some people can hide their true reaction, although most cannot.

Examples
Doxing requires some tact and intelligence. No guide can perfectly cover doxing as the process for different people is often times radically different. I'll outline some examples of how you may dox an individual in certain situations. *Probably* not based off of real situations I or someone else has encountered.

1. Some faggot you met on discord in a conversation tolls you that he goes to a school with about 650 students (this is a fairly arbitrary fact and a lot of people probably wouldnt mind telling you if you just asked). you ip grabbed the little shit and look at all the schools around the IP's purported location. After looking for a few minutes, bingo, you find a school nearby with exactly 650 students, and then you eventually find his personal social media (thus full name and everything else) by going through the socials of everyone at his school. You verify that the social media is his because it talked in the same way, posted the same memes and the victim later admits it was his.

2. Some narcissistic piece of human trash that you meet a while ago had his last name in the password of one of his accounts from a database leak. His twitter account had the same password, and upon looking through all his DMs, one from a personal friend referenced his first name. Thus you have his full name, and pairing that with other info that he made public finding everything else is a cakewalk.

Advanced tactics
If nothing else works, you may need to try a more sophisticated approach. There's many types of these and I can't provide in-depth details on all of them, as many of them are intricate practices of their own. Such techniques may include phishing to get details on the victim such as IP, email, password, etc. Only do this you think there's a good chance of the victim falling for it, a failed attempt may do more harm than good by putting the target on high alert.

Conclusion
While this guide contains some resources, you will need to do your own exploring to get good at doxing. There's way too many small clues that you may find that could help you for me to go over all of them. One such piece of trivia that you could encounter is that 2% of people always follow their sentences by two spaces instead of one. This has been a fact that has been used in attempts to unmask Satoshi Nakamoto, the creator of Bitcoin. This doesn't seem like more than trivia on its own but it could help you stay on the right track if you are examining someone's online presence. There's literally thousands of such clues that you may discover over time and could help you in small or big ways and you will learn many of them as you go.

Other tools
* IP grabbing can take two forms. There's various sites such as Grabify for easily doing this and for free. If you have a website or VPS and know how to find the victim's IP using either some kinding of logging script in PHP or through shell utilities like netstat, you can do this instead and have much more freedom in how you grab their IP. Don't be a skid, just because you have someone's IP doesn't mean you've doxed them. In fact, IPs are nearly useless on their own and the information you can find associated with them can be wildly inaccurate. IPs are an important part of any good dox, but be cautious when using them to find out more info.
* EXIF Metadata has helped me in some cases. Professional and phone cameras often store metadata that includes location and other potentially useful info. The problem is that most sites strip this from images, however some do not.

Resources
https://www.whitepages.com/ - Public records aggregator
https://www.truepeoplesearch.com/ - Like whitepages but makes a bit more info available without paying
https://leakedsource.ru/ - Leaked DB lookup
https://*BannedWebsite*/ - IP grabber
http://metapicz.com/ - EXIF viewer
https://archive.org/web/ - Wayback machine
https://doxbin.org/ - Share your dox with the world!

GARBAGE websites (DO NOT USE)

http://haveibeenpwned.com/ - Useless website. Normies like it because it makes them feel like they have forbidden 1337 hack3r knowledge even though it contains no useful info. Go on leakedsource instead.

Other tips
* Once you have doxed someone, you may want to try taunting them with their personal info. Not to blackmail them or anything (unless you want to, lol) but because you can use their reaction to gauge whether it is accurate or not. Speaking from experience, people *usually* won't deny it if your dox is correct, or at least you can guess their comfort level by how they respond to it.
* Google is your friend! You can find 90% of the information you need just by looking it up. Search engines are every doxer's secret weapon. To search for a more precise term, encapsulate it in quotation marks in the search bar.
* The correct spelling of the past-participle of "dox" is "doxed." Please stop spelling it with 2 X's, that is incorrect.
* There's plenty of other posts on this forum that cover tactics and resources that I don't use. You should read up on some of those, no one guide will make you an expert on doxing. In fact no amount of guides would, you just need to start doing it and it will come to you over time. I had zero knowledge when I started.

FAQ
Q: Is doxing legal?
A: Contrary to what a lot of noobs think, it is fully legal up until you start hacking or phishing them, and as such I can't condone that stuff. If you are just getting information from them through public means, then it is 100% legal.
Next Post Previous Post
No Comment
Add Comment
comment url