There are other tools such as HackRF One, which is a software-defined radio that can also be utilized by penetration testers to perform any kind of radio sniffing or transmission of your own signals, or even replay the captured radio packets.

We will take a brief example of sniffing a radio frequency in Kali Linux using HackRF One SDR. HackRF libraries are pre-installed. Testers should be able to identify the device by running hackrf_info from the terminal. If the device is recognized, you should be able to see the following screenshot with the details of firmware, part ID, and so on:

Pentesters can utilize the kalibrate tool for scanning any GSM base stations. This tool can be downloaded from https://github.com/scateu/kalibrate-hackrf and be built using the following commands:

git clone https://github.com/scateu/kalibrate-hackrf

cd kalibrate-hackrf

./bootstrap

./configure

./make && make install

Once the installation is complete, kal will be the tool to utilize to scan any specific band or by mentioning the frequency as shown in the following screenshot:

If the testers could identify the type of peripherals during an on-site assessment and found the company is utilizing certain vulnerable hardware, then one can also utilize Crazyradio PA, a long range 2.4 GHz USB radio dongle that can deliver a payload to any computer that is using the vulnerable device through radio wireless signals.