Programs

Lets get this straight 90% real hackers do not use pre made programs. What alot of hackers due is browse the web and look at source code for bad code or an opening. But I'm going to go with that most you don't know html, php etc... enough to spot these flaws. There are plenty of great tools out there for beginners to use such as.
Nmap
metasploit
tsgrinder
Security is a big thing for a hacker to practice, you don't want your scans coming back to you like a company calling you isp and saying this guy is port scanning me. So it is a good idea to always use a proxy or a proxy chain. Its pretty easy to find out who's port scanning you. I opened a log off my firewall and got this IP of someone who portscaned 5 of my ports 216.77.188.54 then I just go to Arin plug in the IP and bam I have an ISP Bell south and a location in the country Atlanta GA.
If you nmap a company with a static IP you probably will never get a call, unless they have an anal tech guy. It would take me about a week to go through a day of port scan logs so its not very worth it in my perspective. But do this without a proxy at your own risk. And make sure the proxy is anonymous and not transparent. LOL