There are lots of methods that can be used to hack a website but most common ones are as follows:
1.SQL Injection
2.XSS(Cross Site Scripting)
3.Remote File Inclusion(RFI)
4.Directory Traversal attack
5.Local File inclusion(LFI)
6.DDOS attack
Acunetix:
'
Acunetix is one of my favorite tool to find a venerability in any web application It automatically checks your web applications for SQL Injection, XSS & other web vulnerabilities.
Nessus:
Nessus is the best unix venerability testing tool and among the best to run on windows. Key features of this software include Remote and local file security checks a client/server architecture with a GTK graphical interface etc.
Retina:
Metasploit Framework:
The Metasploit Framework is the open source penetration testing framework with the world's largest database of public and tested exploits.