“White” hackers work on the principle of “thinking like a criminal” in order to understand the logic of attackers when searching for vulnerabilities, pentests, etc. Therefore, they use the same methods as the “black” hackers.
From the point of view of the tools used, there is also migration, but here it is the opposite:
from the dark side to the light side. The fact is that it is unprofitable for “black hats” to use “author’s” malware. It will be easier for security systems to identify it by a number of signs. Therefore, the trend for the use of “potentially unsafe” programs has long been overdue. This is how they are called antivirus solutions. As a result, the tools in the hands of both categories of hackers are essentially dual-use. They can be used not only by hackers, but also by “white hats”, so antivirus programs do not block such software, but warn about risks. Hacker Magazine gives a small list of such software: ScanSSH, Intercepter-NG, NLBrute, UBrute, RDP Brute, sqlmap, Netsparker, SQLi Dumper, Router Scan, Private Keeper, Havij, Metasploit, Armitage, DUBrute, Lamescan, Fast RDP Brute, njRAT, Acunetix.
For example, Intercepter-NG was created by a Russian programmer, and he wrote about it as software for pentest. He does not hide, maintains his blog, website, i.e. acts in a legal field. But some experts consider such software to be hacker and not without reason, since it can really be used to solve their tasks.