
Frequently asked questions

How to prepare for an Ethical hacking / Penetration testing job?

What is an ethical hacking / penetration testing job?

What is Data protection profession / Privacy profession?

What is Security operations center (SOC) job?

What is GRC / ISO27001 / ITGC career?

What are the various free / open source test platforms to practice ethical hacking / penetration testing?

How to practice Android security testing?

What are the common interview questions in Ethical hacking / Penetration testing job interviews?

What are the tools to learn ethical hacking / Penetration testing?

Where to practice ethical hacking on Cloud setup?

How to practice API testing for free?

How to prepare for an ITGC / ISO27001 / GRC job?

What are the tools to learn ethical hacking / Penetration testing?

Helpful resources

Following are two tools for beginners that will help in testing websites and networks:

  1. Burp Suite 

  2. Nmap

  3. Nessus

  4. OWASP ZAP

  5. John the Ripper

  6. Metasploit




  1. You need to learn how to use the Linux operating system. Knowing some basic commands helps: creating and deleting a file, creating and deleting a directory, modifying file permissions, downloading a file from the command line, and so on. Refer to the link provided in Helpful resources below.

  2. For web application penetration testing, you need to know at least the basics of HTML and JavaScript. More on these can be found in the link given in Helpful resources.

  3. Once you are familiar with the above, you can start practicing with the common tools used in web application penetration testing. The most common tool is Burp Suite, a proxy that helps you view and better understand the communication between your browser and the server. You can download Burp Suite from the link given below.

  4. Apart from Burp Suite, you can also download and install a tool called Nmap. It scans for open ports and identifies which services are running on a particular port. This tool will come in handy when you are testing a network. You can download Nmap from the link given below.

  5. Once you have installed these tools, you can practice with them on a dummy application like DVWA and a dummy vulnerable network machine, Metasploitable.
