Quite an interesting topic.
Since he is using Qubes + Whonix, it is obvious to us what his technical issue is.
He does mention that it is "his site" that he is pentesting against.
However, if it is truly "his own site" and he is whitehat pentesting it, then why the need for Tor anonymity?
What comes to mind as possibilities might be...
a) He defaults to using Tor for most everything due to his personal life privacy needs/wants.
b) He is pentesting against a .onion site of his own and needs/wants to test it over Tor.
c) He is concerned about others using the Tor network to anonymously attack his server, is looking to put server side Tor-specific rules/mitigations in place, and wants to test their effectiveness out under real-world Tor network conditions.
Of course, one can't truly know what the use is truly for here, good or bad.
Also, Tor, Whonix, Tails, TorVM, corridor, etc., as tools, are ultimately more like "platforms" for tools/apps.
For all of the good use cases, we want our platforms to improve in ease of use.
Of course, the pentesting/exploit applications will and do continue to independently improve their ease of use.
I think ease of use for our platform should be pursued to the maximum for general purposes.
However, your specific concern about the combination of pentesting and anonymity platforms is a specific use case that I see why one would be hesitant about giving additional personal direction and support to.
Although, bad-intending blackhats will likely figure out how to run their exploit apps with Whonix or other anonymizing platforms regardless of being helped or not. And they can always come back with different identities and generalize their technical questions to try and get help out of you/us.
This instance was just bad luck for him that his particular connectivity issue has not been resolved in the general Qubes + Whonix platform yet. Most Whonix users and Whonix Qubes users throughout the future will have no problems getting their pentesting apps to run.
Anyway, those 3 listed possibilities were the ones I could think of for combining Tor anonymity and pentesting for legitimate whitehat purposes.
I'm going to hang back on this issue as well for now.