BlackArch has offline PDF documentation:
BlackArch is a pentesting distribution. This is a banned subject here.
But this forum subject is useful anyhow. Not to discuss anonymous pentesting. But BlackArch documentation may provide for some inspiration for Whonix software or Whonix documentation improvements.
Here are some bits which I found interesting.
Packages that are used to protect a user from malware & attacks from other users.Examples: arpon, chkrootkit, sniffjok
Packages that count as any type of malicious software or malware detection.Examples: malwaredetect, peepdf, yara
Packages that would be used for reporting/recording the threat model outlined in a particular scenario.Examples: magictree
But I haven’t read much yet. Help welcome.