1. Linux (command line / distributions like Kali or Parrot) — the foundation of everything;

2. Networking tools: tcpdump and Wireshark — for capturing and analyzing packets and understanding protocols.

3. Nmap — network/port scanning and service discovery.

4. Metasploit Framework — penetration testing platform (exploitation) and payload preparation.

5. Burp Suite (Community) / OWASP ZAP — web application security testing (proxy, vulnerability scanning).

6. SQLmap — tool for automating detection and exploitation of SQL injection vulnerabilities.

7. Nikto — simple web application scanner for HTTP/server misconfigurations.

8. Hashcat / John the Ripper — password cracking (wordlists and hash cracking).

9. Ghidra (or IDA Pro) 

Reverse engineering software

10. Snort / Suricata / Zeek (Bro) — network detection/analysis systems (IDS/NSM).

11. Nessus / OpenVAS 

Vulnerability scanning

12. Splunk / ELK (Elasticsearch, Logstash, Kibana)  

Event analysis, core SIEM.

13. PowerShell / Windows Sysinternals 

Windows systems and attack/defense.

14. Docker / VirtualBox / VMware — building virtual labs.

15. Git & basic Python / Bash scripting — for automation, tool modification, and creating PoCs.