The OSWA-Assistant is a free, self-contained, wireless-auditing toolkit for both IT-security professionals and End-users alike.
This toolkit is our contribution to the wireless security/auditing community and, as the "Assistant" moniker implies, and is designed for the following groups of people:
IT-security auditors and professionals who need to execute technical wireless security testing against wireless infrastructure and clients;
IT professionals who have responsibility for ensuring the secure operation and administration of their organization's wireless networks;
SME (Small & Medium Enterprise) and SOHO (SmallOffice-HomeOffice) businesses who do not have either the technical expertise or the resources to employ such expertise to audit their wireless networks;
Non-technical-users who run wireless networks at home and who would like to audit the security of their wireless home networks and laptops but don't know how.
We found that many IT-security professionals who attended the OSWA certification programme frequently requested for a ready-to-use toolkit which they didn't have to install on their corporate laptops as these laptops were often governed by corporate rules on software installation. Additionally, many auditors could not re-partition their company-supplied laptop's hard drive just to install a Linux environment because of those same corporate rules.
They also complained about the user-unfriendliness of many LiveCDs available today in that they assumed that the user was a Linux expert, thus having their tools kept in different locations on the CD, or having menus for some tools while others have no menus at all, and in general not being easy to navigate or use, as well as their non-wireless-specific focus. The wireless auditors just wanted to do the job without having to go hunting all over the place for the tools. Thus, was born the specialized OSWA-Assistant wireless auditing toolkit, which is designed to address these gripes.
All IT-security professionals can use the OSWA-Assistant for wireless auditing as the toolkit is intended for wireless auditing specifically. We have also not gone down the "look ma, i've got bazillion tools" route because the name of the game here is efficiency and ease of use. The included list of tools is more than sufficient to allow the wireless auditor to complete his/her job in a thorough consistent manner without being confusing in number. In addition, some of the included applications (e.g. Probemapper and MoocherHunter) have been specially designed for use as part of the OSWA-Assistant.
But wait! You mentioned "non-technical users" above! Why release something that end-users can also use? Isn't wireless auditing supposed to be for pros only??
The reason for addressing this second group is because Home-owners and SOHO setups often do not have the money to engage qualified technical professionals to conduct wireless audits, even though they may be owning and running wireless networks. And we also don't believe that the usefulness of a LiveCD-format wireless auditing toolkit should be confined to only the technically-inclined.
Thus, the OSWA-Assistant also aims to empower these individuals and small businesses (who would otherwise not be able to pay a security company to audit their wireless networks or have the time to do research on their own) do basic self-help wireless auditing to find out if their wireless networks and clients have any weaknesses and to secure them before any bad guys (hackers, competitors, etc) can attack and compromise them. It does this via a ThinkSECURE-developed onboard help system called the OSWA-Assistant ActivityMap, which we believe to be a first-of-its-kind-in-the-world feature for a LiveCD.
Only On The OSWA-Assistant
"I would like to personally thank you for creating such a program that finally enables us to complete our job and protect our children from predators and other criminals." - Detective Speakman
MoocherHunter is a free mobile tracking software tool for the real-time on-the-fly geo-location of wireless moochers, hackers and users of wireless networks for objectionable purposes (e.g. paedophile activity, illegal file downloading, illegal music/video sharing, etc).
(for MoocherHunter Law Enforcement Edition, please see below)
100% Made-In-Singapore with ThinkSECURE-proprietary code, MoocherHunter was first unveiled to Southeast-Asian law enforcement officials at the Singapore Police Force's invitation-only CyberCrime Investigation Workshop 2008 held in Singapore in April 2008.
MoocherHunter is licensed under the MoocherHunter License as part of the OSWA-Assistant wireless auditing LiveCD toolkit (note: only on version 0.9.0.3b and above) which is free for end-user download at http://oswa-assistant.securitystartshere.org.
MoocherHunter identifies the location of an 802.11-based wireless moocher or hacker by the traffic they send across the network. If they want to mooch from you or use your wireless network for illegal purposes (e.g. warez downloading or illegal filesharing), then they have no choice but to reveal themselves by sending traffic across in order to accomplish their objectives. MoocherHunter enables the owner of the wireless network to detect traffic from this unauthorized wireless client (using either MoocherHunter's Passive or Active mode) and enables the owner, armed with a laptop and directional antenna, to isolate and track down the source.
Because it is not based on fixed or statically-positioned hardware, MoocherHunter allows the user to move freely and walk towards the actual geographical location of the moocher/hacker. And of course, as part of the free OSWA-Assistant wireless auditing LiveCD toolkit, MoocherHunter is also FREE for end-users to use on their existing laptops (so long as it is only run within the OSWA-Assistant environment) with off-the-shelf supported wireless cards.
In residential and commercial multi-tenant building field trials held in Singapore in March 2008, MoocherHunter allowed a single trained operator to geo-locate a wireless moocher with a geographical positional accuracy of as little as 2 meters within an average of 30 minutes.
Download MoocherHunter and the OSWA-Assistant here.
(i) For accurate and proper results, please remember to use a directional antenna, and not an omni-directional one, regardless of whether it claims to be high-gain or not.
(ii) If you get a Segmentation Fault while running MoocherHunter (e.g. your WNIC shuts itself down halfway), please make sure the process is killed before restarting. You can issue a "ps -eaf" command, look for the process ID tied in to the segfaulted process and then type "kill (process ID)" where (process ID) is the PID number.
(iii) As of version 0.6.5, please make sure you select the correct chipset which your wireless card is based on, otherwise your results will be wrong, even if the program starts up. The officially-supported chipsets for MoocherHunter ver 0.6.9a & up are: Prism54G(HARDMAC), Atheros (all models before AR9xxx series), RTL8187, RT2500, RT2570, IPW2200 and IPW2915.
You can view a little video clip we've put together below during our field testing cycle in Singapore in early Jan 2008 which describes MoocherHunter and a basic summary of how to use it.
However, if you are interested in getting formal training on the proper techniques regarding effective deployment & use of MoocherHunter (or how to become a certified Organizational Systems Wireless Investigation & Law Enforcement Professional (OSWILEP)), please click here or email the following address:
For police and other legitimate Asian law-enforcement organizations in who have auditing compliance requirements, or who require a low-profile, covert solution during prosecution of a wireless-using suspect, we also provide the MoocherHunter Law Enforcement Edition to meet your needs.
MoocherHunter Law Enforcement Edition is a totally-redesigned, standalone, low-profile/covert-tracking commercial software solution which adds in some additional nifty features such as a remote-control web interface, 802.11a support, AP-hunting, evidence-logging and more. Please note that the MoocherHunter Law Enforcement Edition is NOT found on the OSWA-Assistant!
Please contact us regarding purchasing this separate commercial solution.
(note: please send your enquiry from a law-enforcement or similar corporate/organization address - we will not release any information to enquiries originating from free email service providers)
In their Best IT Security Tools for 2009 report, Security-Database.com listed the OSWA-Assistant as the WINNER in BOTH the "Wireless Auditing" and "Wireless Hacking" categories!
In case the above links are no longer live, you can see the report PDF here.
In their December 2007 article BEST IT Security and Auditing Softwares 2007, Security-Database.com listed the OSWA-Assistant as BEST in the "Wireless Testing" category and also RECOMMENDED / EXCELLENT in the "LiveCDs" category.
In case the above links are no longer live, you can see the pages of the article in these screenshots: Page1, Page2, Page3 and the Last Page.