Most likely this will lead to official certification and registration of pen testers like locksmiths and alarm system installers are required to have in some states..
Yeah, this is pretty likely. It's a dangerous road to go down, however, as regulatory bodies can be far from impartial.
It's a difficult issue to properly address. I think the right method to go about it is to punish actions, rather than possession of tools. On some level, simply having the ability to write software makes one suspect, if you start scrutinizing tools. Actions (compromising boxes and running exploits without permission of the owner of the host, advertising explicitly criminal use of software) are easy enough to define, and it's easier to define an exclusive list of "bad" actions, than to come up with generalizable rules.
This is the problem with these manner of laws. Criminalizing the very method by which entities guarantee their security is never a good idea.