No it is not illegal to own or use hacking software - as long as you are only using it on system where you have permission to use it, and your use is not with the intention of depriving a person or organisation of profit, income, or property.
There is a huge community of people doing this, and some manage to make a living by selling their services to organisations who want their security checked.
There are a lot of tools available to use. Some are commercially sold, and some are free. If you are serious about wanting to do this, a good place to start is with the free
REMnux.
REMnux is a lightweight, Ubuntu-based Linux distribution for assisting malware analysts with reverse-engineering malicious software. It incorporates a number of tools for analysing malicious executables that run on Microsoft Windows, as well as browser-based malware, such as Flash programs and obfuscated JavaScript. The toolkit also includes programs for analysing malicious documents, such PDF files, and utilities for reverse-engineering malware through memory forensics.
There are on-line and sit-in courses available at many institutions. One option is the
SANS Institute which is highly recommended if you are thinking of turning this into a career, but many others exist.
Whatever you choose, just for your own learning or something more serious, I wish you good luck. This world needs more people who are prepared to step up from just being a user, to being someone who is prepared to do something to change it.