During the early 2000s, in private chats or even in public IRC channels, self-styled “hackers” used to DOX people in order to prove their competence in the “dark arts” (cit. Proceedings of the 39th SIGCSE). I was always fascinated by those guys who, with just a few pieces of information such as an email address or a nickname, were able to find out much of your entire life just by looking on the web. Today, after several years, a friend of mine asked me to start a DOX session against himself in order to evaluate what the ‘Internet’ knows about him.

What is DOX?

“Doxing” is a neologism that has evolved over its brief history. It comes from a spelling alteration of the abbreviation “docs” (for “documents”) and refers to “compiling and releasing a dossier of personal information on someone”. Essentially, doxing is revealing and publicizing records of an individual, which were previously private or difficult to obtain.

The term dox derives from the slang “dropping dox” which, according to Wired writer Mat Honan, was “an old-school revenge tactic that emerged from hacker culture in 1990s”. Hackers operating outside the law in that era used the breach of an opponent’s anonymity as a means to expose opponents to harassment or legal repercussions.

Wikipedia: about DOXing

Nowadays the word DOX, or the act of DOXing someone, has a bad flavor, since it undermines the victim’s privacy by publicly exposing sensitive data that the DOXer (that is, whoever is performing the DOXing) has collected and/or correlated. I will not expose any data, but I’ll take the chance to review techniques and tools in order to give my readers an updated view of DOXing tools in 2019.

DOXing methodology

When you start a DOXing session you might decide to play it by ear or to approach the problem with a methodology. A methodology is not simple to define here, since you need to map an information flow that runs both forwards and backwards. In other words, you need to anticipate the information about the victim that you might get from one of the victim’s peers or relatives, so you need to be able to move from one peer to another and to stop when you are moving too far from the original victim. The feeling that stops you from getting too far away from the original victim is quite hard to define. We might decide to use an information threshold such as: stop after [random number] of iterations; or, for example, look only at public social profiles; or, again, go deeper only as long as nothing involves another entity. Anything we define could turn out to be either overkill or too restrictive. So my best advice is to follow a path until you feel you are getting too far from your target; at that point, wrap up the information collected and start to focus on another path. The following image shows a simple flow that you might decide to take.

Simplified DOXing Flow

A simple yet useful piece of advice is to take note of every finding coming from both manual analysis and automatic analysis. It may sound like a trivial suggestion, but I’m sure you will appreciate it once you get your hands dirty with the amount of data you might come across! I’m used to Maltego, since it automates many search steps, but there are many great tools out there; find your best fit and keep note of what you do!

Example from Maltego Blog

Used Tools

Fortunately there are a lot of tools for OSINT/Personal-INT that are great to use. In the following list I’ve selected just some of them, the ones I personally think would get the best results in 2019.

  • Doxing (by Hacking Live). It’s not super updated, but hey… Doxing is an ancient practice! It works quite well and helps to automate many searches.
  • DoxTracker (by Kuro-Code). It definitely helps to automate your searches since it includes many tracking web sites.
  • Maltego (by Paterva). Well, maybe it’s the king of public information gathering. Depending on how many services you sign in to (services are information sources), it extracts tons of information on your target.
  • FOCA (by Elevenpaths). FOCA (github) is another great and well-known piece of software that allows you to automate many finding tasks. Unfortunately it runs only on a Windows machine, so if you are a Unix/FreeBSD user you need to emulate a Windows OS.
  • FamilyTree. A great tool to try. If you are lucky and your target is in their DB, oh boy, you’ll get tons of information on his relatives.
  • TruePeopleSearch. Very useful to find out addresses and/or phone numbers. It mainly works for the US, though.
  • PeekYou. It works great by searching various sources, including social networks and phone books. It works independently of the target’s state.
  • Lullar. Another great social aggregation profiler. You can enter a first and last name, a nickname or the target’s email; it will check whether the target is on social networks and will give you a direct link to the target’s social profile.
  • CheckUserNames. Sometimes you want to check whether specific usernames exist on social networks. If this is your need, CheckUserNames works great.
  • TinEye, Google Image Search. When you start to investigate pictures you may need to locate a specific picture; to do that, you might look for similar pictures and check the comments/tags on them in order to locate the original picture.
  • Git-Fingerprint. Sometimes your target knows GIT and might be using it.
  • PictaME. Useful if you need to analyze Instagram profiles and/or check Instagram pictures without an Instagram account.

It may be obvious, I know… but don’t forget Google searches. Automatic searches are great since they speed you up, but Google and Bing hold a lot of information on your target. My best findings come from manual searches on Google, correlating social comments and images.

This activity produced an acclaimed newspaper article in Scienze “La Repubblica” (biggest Italian newspaper) on 12 September 2019.

Scienze “La Repubblica” 12 September 2019