If using Kali is not an option, install these tools when provisioning a clean system for pen testing web applications.
- Python 3 https://docs.microsoft.com/en-us/windows/python/beginners
- NMAP https://nmap.org/download.html
- Burpsuite https://portswigger.net/burp/releases/professional-community-2020-1?requestededition=community
- ZAP https://www.zaproxy.org/
- Spiderfoot https://www.spiderfoot.net/documentation/
- Metasploit https://github.com/rapid7/metasploit-framework/wiki/Nightly-Installers
- TOR https://www.torproject.org/download/
- VS Code https://code.visualstudio.com/docs/setup/setup-overview
For a list of tools by category see: https://github.com/sundowndev/hacker-roadmap#tools-by-category