how do you hack and what sofeware do you use white hat hacking
Unlocking this for a sec to clarify something:
Not all hacking is illegal. There are three main categories of hacking, white hat (legal hacking), black hat (illegal hacking), and grey hat (iffy hacking).
White hat hacking is done with consent of the program owner, therefore making it legal. Usually it is done to expose security flaws in a program and this is a real career that exists (it's called ethical hacking).
Black hat hacking is done without permission and is typically used for malicious things.
Grey hat hacking is also without permission but it is "good-spirited". Grey hat hacking is illegal like black hat hacking. Depending on who you ask, it might be plain old black hat hacking anyways.
Anyways, discussing any sort of "hacking" that involves breaking computer systems/programs, no matter if white/grey/black hat, is still not allowed. Thank you.
Starter kit: Kali Linux, knowledge of a lot of languages, especially python, and someway to learn (youtube videos, udemy, ect). FYI, you won't get to do like DOS attacks on your first day of hacking, learning is a very long process that takes years or so, and you need to know a lot about what you are hacking. If you can't be persistent or are impatient, you might as well not start. Also, It is absolutely nothing like hacking in the movies, it's wayyy more slow and boring, so no, you won't be hacking anything in just a few seconds. As for what you can do with it, if you are a white-hat, you can maybe earn some money pen-testing for some company, but don't expect a lot as a beginner. A good resource for that is HackerOne.
I don't think you'll get very far with big sites like twitter using brute force. There's always security measures such as cooldowns, caption verification thingies (aka captcha's) to make sure brute force doesn't work.
If you're interested in the subject in general, here are some websites that go over some vulnerabilities:
Cross-site scripting (aka XSS or code injection):
Cross Site Request Forgery (aka CSRF):
Man in the middle attack:
Format String Attack:
Buffer Overflow Attack:
Do avoid trying any of these on commercial applications (basically don't do this on real websites, you could get into serious trouble).
Hacking can be used for good and can be used for bad things too. What do you want to do with it?