Do you honestly think 'hacking tools' are used primarily with good intentions (i.e. as part of authorised penetration testing, interception of network traffic, etc.) and that nefarious use is the exception?
Obviously it's nigh-on impossible to measure, but I'd suspect it is the other way round...
Problem is mostly with classification. Is ping a hacking tool? Is cmd.exe a hacking tool? (black window sure looks dangerous...) Is g++ a hacking tool? If not, can I carry around source code of a port scanner and a compiler on the same laptop? Is that the same as transporting disassembled gun?
(Any debugger is a killer cracking tool too)
I predict a big market for tetris clones with port scanning functionality...
Obviously it's nigh-on impossible to measure, but I'd suspect it is the other way round...