And this is why there are a ton of shitty 'pentesters' out there who seem to mistake running nessus or nmap scripts as a penetration test. No, it's not 'secret' knowledge and can easily be learned if want to spend the time but running metasploit doesn't make you a pentester.
Like defenders, pentesters generally need to find all the vulnerabilities (sadly many customers accept the first one which ends up being a scoping issue) and understand how to mitigate anything that was discovered/exploited. That requires an understanding of protocols, networking, applications, web frameworks, etc.. I have found that the best tend to have the capacity to think maliciously. IMO, that is a critical skill. I have seen far too many people that just don't understand why anyone would want to abuse a protocol, which makes them substandard pentesters.
As for the original question, there are plenty of tools out there that can help you learn. Metasploitable, WebGoat, Kali, SamuraiWTF (disclosure, I am good friends with the lead for that), ZAP, Burp Suite (pro is great and super reasonable). If you have corporate funding, there are some decent trainings out there Offensive Security has their classes (and certs, I have heard mixed results). There is also SANS, which I have been increasing disappointed with but if you want a bunch of knowledge shoved in your head (at a pretty high dollar cost), they tend to do it. Also, some drift more towards network pentesting or application, personally, I think people should be versed in both (leveraging a remote code execution bug in a webserver is great unless you have no clue what to do within the OS).
For cheaper options there are bunch of books that can teach you a ton of 'tips and tricks' around pentesting (web Hackers Handbook 2nd Edition is particularly good). Having a solid background as a sysadmin makes it much easier IMO (my background is similar), since you are most likely familiar with troubleshooting, networking, multiple OS's and what not.