vPenTest · Prospecting Guide
Turn a free scan into a signed contract.
The vPenTest Prospecting Test runs a real penetration test on a prospect's network and hands you a professional PDF and a branded PowerPoint with speaker notes — before they're even a client. 20 tests per month, included in your subscription.
20 tests / month included
External — no agent needed
3 deliverables auto-generated
AI speaker notes pre-written
⚠ The prospecting test is not a full penetration test and cannot be used for compliance or cyber insurance documentation. Use it to open the door — not as a compliance deliverable. The full vPenTest assessment is what covers those use cases.
What makes it powerful
01 — Prospect Report
Pentest Evaluation Summary
Prioritized findings by criticality and business impact. Not a raw CVE list — real exploitable vulnerabilities only. Designed to hand directly to a prospect.
02 — AI Summary
AI-Enhanced Executive Summary
Findings rewritten in business language. Strengths and areas of concern framed for non-technical decision-makers. Enable this at scheduling — no extra steps.
03 — Presentation
Executive PowerPoint + Speaker Notes
10-slide branded deck. Top 3 critical findings with evidence. AI-written speaker notes on every slide. Download and walk in.
Why prospecting tests find fewer issues — and that's the point
Vulnerability Scanner
Exhaustive list of potential weaknesses
Can generate hundreds of findings including theoretical and low-severity issues. Overwhelming for non-technical stakeholders. Hard to prioritize without context.
vPenTest Prospecting
Only confirmed exploitable attack vectors
Reports fewer issues — but only the ones that actually matter. Confirmed attack paths, not theoretical risks. Easier for a prospect to understand why they need to act.
Best-fit prospects for a prospecting test
| Prospect Profile | Why It Lands | Use External or Internal? |
| --- | --- | --- |
| Law firm with client data obligations | GLBA exposure, professional liability, client confidentiality. Findings carry real legal weight. | External first; internal if they have on-site infra |
| Financial services / CPA firm | SOC 2, GLBA, regulatory pressure. The report becomes evidence of due diligence (or lack of it). | Both — run external first, use internal as upsell |
| Healthcare-adjacent (billing, labs) | HIPAA adjacency, cyber insurance requirements, breach liability. | External first |
| Client post-incident or near-miss | Already aware of risk. The report validates their concern and shows them what else is exposed. | Internal — they want to know what's on their network |
| SMB asking "are we secure?" | Concrete answer replaces vague reassurance. Shows real findings they can act on. | External — fastest to run, no site visit required |
| Prospect with a QBR coming up | Use the report to anchor the meeting around security posture and upsell the full package. | Either — external results come back faster |
Deliverables
Three outputs. One conversation.
Every prospecting test generates three ready-to-use deliverables automatically. Enable the AI summary at scheduling. The PowerPoint is always included.
Output 01 — Pentest Evaluation Summary
Pentest Evaluation Summary PDF
The primary prospect-facing report. Prioritizes findings by criticality and business impact. Only confirmed exploitable vulnerabilities — no noise. Includes high-level remediation recommendations.
Auto-generated · External + Internal · Hand to prospect
What's inside
Findings sorted by severity. Each finding includes: what was discovered, why it matters, how an attacker could use it, and what to do about it. Written to be understood without a technical background.
⚠ Cannot be used for compliance or cyber insurance purposes. Position it as the threat assessment that starts the conversation — not the compliance evidence that closes the audit.
Output 02 — AI-Enhanced Executive Summary
AI-Enhanced Executive Summary
An additional report layer built on top of the standard executive summary. AI rewrites findings in business and strategic language — framing risks as organizational concerns rather than technical vulnerabilities.
Enable at scheduling · PDF + DOCX · Non-technical audience
What's different vs. the standard summary
Standard executive summary = scope, findings list, recommendations. AI-enhanced = greater context around outcomes, clearer breakdown of key activities, insightful view of strengths and concerns. Written for the decision-maker, not the IT person.
ℹ No sensitive or client-specific data is transmitted for AI processing. Only non-sensitive, high-level information is used (industry context, finding categories, asset types).
Output 03 — Executive PowerPoint + AI Speaker Notes
Executive PowerPoint Presentation
10-slide branded deck. Top 3 critical findings with evidence screenshots embedded. AI-written speaker notes on every slide. Download it, walk into the meeting, and present.
Always included · NTG branded · AI speaker notes
Slide structure
Slide 1 — Title + assessment overview
Slide 2 — Scope of work and engagement details
Slide 3 — Top 3 findings list
Slides 4–9 — 2 slides per finding: details + evidence
Slide 10 — Contact information
How to access deliverables after the test
1. Go to Assessments → Completed tab
The prospecting test does not appear in the live tracking view. It only shows up in Completed once finished. Use the Search Assessment filter to isolate prospecting tests.
2. Click View Report Generated
Opens the report modal. You'll see options for: Pentest Evaluation Summary PDF, AI-Enhanced Executive Summary (if enabled), and Executive PowerPoint.
3. Download all three deliverables
Use Export All Deliverables to pull everything in one shot. Store in IT Glue under the prospect record. Reports auto-purge from the portal at 60 days.
⚠ 60-day purge — download immediately and store in IT Glue. Do not rely on the portal as storage.
How To Run
External first. Always.
External prospecting tests require no agent, no site visit, no coordination. Schedule in five minutes. Use internal when the prospect has infrastructure worth scanning from the inside.
External
No agent required — schedule and go
No site visit or client coordination needed
Scans externally exposed services, ports, and attack surface
Ideal for cold or warm prospects before they're clients
Results vary based on how much is internet-facing
Internal
Requires a vPenTest agent VM on the prospect's network
Use the shared/traveling agent model — see agent swap workflow
More findings — internal network has more attack surface
Shows lateral movement risk, internal credential exposure
Higher impact conversation — "this is what's on your LAN"
Running an external prospecting test — step by step
1. Create the prospect as an Organization in the vPenTest portal
Log into app.vpentest.io → Organizations → New Organization. Enter the prospect's name and industry. You don't need to create an agent for external tests.
2. Click Schedule Assessment → External Network Prospecting Test
From the Dashboard or Assessments page, under Assessment Type, select External Network Prospecting Test.
3. Enable AI-Enhanced Executive Summary
In Step 1 of the scheduling wizard, check the box to enable the AI-Enhanced Executive Summary. This adds the business-language summary to your deliverables at no extra cost.
ℹ Always enable this. The AI summary is what you hand to the decision-maker. The technical PDF is for the IT contact.
4. Set IP Ranges — scan everything
Prospecting tests have no IP limitations. Vonahi recommends scanning the entire external environment. Enter the prospect's known IP ranges or domain. If unknown, their public IP block and primary domain are a good start.
5. Set Scan Time to 24/7
Vonahi recommends leaving scan time unrestricted for fastest and best results. This is a prospecting test, not a production system — no need to restrict the window.
6. Save and wait for completion
The test appears in Assessments → Scheduled. Unlike a full pen test, you cannot track it in real time. You'll only see it when it's done — check Assessments → Completed.
⚠ Download all reports immediately when completed. The portal purges data at 60 days. File in IT Glue under the prospect record.
Adding an internal test — agent swap model
ℹ NTG maintains a shared pool of vPenTest agent VMs. For prospect internal tests, reassign an existing agent to the prospect organization, run the assessment, then reassign back. No need to build a permanent VM for prospects.
1. Identify an available agent in the NTG pool
Log into app.vpentest.io → Internal Agents. Find an agent not currently scheduled for an assessment.
2. Reassign the agent to the prospect org
Action → Edit Agent Details → change the Organization dropdown to the prospect. The agent now belongs to that org and can be scheduled.
3. Deploy the agent to the prospect's network
Physical NUC or laptop on their LAN (preferred for prospects), or temporary Hyper-V VM if they have a host. The agent must be online and on their network before scheduling.
4. Run the assessment, download results, reassign agent back
After completion, all assessment data is purged from the agent. Reassign back to NTG or next client. No cross-client data risk.
Sales Workflow
The report is the foot in the door.
The prospecting test gives you a reason to call, something to show, and a natural path to the full security package conversation. Here's how to run it.
End-to-end prospecting workflow
1. Identify the prospect and run the external test — no permission needed
An external test scans publicly accessible infrastructure. You don't need the prospect's permission to run it — it's equivalent to what any attacker could see. Start with your warmest prospects or upcoming calls.
ℹ Best candidates: law firms, financial services, healthcare-adjacent. Any prospect where "are we secure?" is a live concern.
2. Download the deliverables as soon as the test completes
Pull the Pentest Evaluation Summary, AI-Enhanced Executive Summary, and the PowerPoint. Review findings before the meeting — know what you're walking in with. File everything in IT Glue.
3. Use the PowerPoint to anchor the first meeting
The deck is ready to present. Speaker notes are written. Slide 3 shows the top 3 findings — lead with those. Let the findings drive the conversation. You're not selling — you're showing them what we found.
ℹ Frame it as: "We ran a quick external scan before our call to give you something concrete to look at — here's what we found."
4. Leave the AI Executive Summary PDF with the decision-maker
The business-language version goes to the owner, CFO, or managing partner. Not the IT person — they can read the technical version. The AI summary is written to be understood by non-technical leadership.
5. Propose the internal test as the next step
The external test showed what's visible from outside. Offer to run an internal test to show what's exposed from inside — what a threat actor would see after they're already in. This is the natural bridge to a full engagement.
ℹ "The external scan shows what an attacker sees before they're in. The internal scan shows what they can do once they are. We'd like to run that for you — here's what it takes."
6. Close on the security package
The prospecting test is the proof of concept. The full security package (VulScan + vPenTest + Network Detective Pro) is the ongoing service. Use the findings to anchor the value — they've already seen what's exposed. The package is how they stay on top of it.
Which deliverable goes to whom
| Deliverable | Audience | When to use |
| --- | --- | --- |
| Executive PowerPoint | Owner, CFO, Managing Partner, Board | Lead with this in the first meeting. Speaker notes are pre-written. |
| AI-Enhanced Executive Summary PDF | Decision-maker, non-technical leadership | Leave behind after the meeting. Business language, no technical jargon. |
| Pentest Evaluation Summary PDF | IT Manager, MSP technical contact, compliance officer | Share with the technical stakeholder. Has the actual finding details and remediation steps. |
Positioning the prospect vs. client distinction
ℹ The prospecting test report is a conversation opener, not a compliance deliverable. When the prospect becomes a client and signs up for vPenTest, their first full assessment replaces this with a CREST-quality penetration test that can be used for compliance and cyber insurance. Make that distinction explicit in the close — it raises the perceived value of what they're signing up for.
Talking Points & Objections
Know what to say before they ask.
The most common prospect reactions to a prospecting test — and how to handle them without losing the room.
Opening the conversation
How do I introduce the report without it feeling like a cold pitch?
"Before our call today, we ran a quick external security scan on your environment — same methodology we use for our managed clients. I wanted to give you something concrete to look at rather than just talking in generalities. Here's what we found."
They ask: "How did you run a test on us without our permission?"
An external scan looks at what's publicly visible — the same information any attacker on the internet could see. No internal access, no credentials, no systems were affected. We're showing you your public exposure, which is something you should know about regardless.
They say: "We already have antivirus / IT support."
EDR and antivirus catch threats after they're running. This test found open doors before anything walked through them. These are two different problems — one is a lock on the door, the other is checking whether the door was left open in the first place.
On the report itself
"You only found [N] issues — that seems low. Is this a real test?"
The prospecting test intentionally reports fewer issues than a vulnerability scanner. It only flags vulnerabilities that can actually be exploited — confirmed attack paths, not a theoretical list. Finding fewer issues here means they're real. A vulnerability scanner would give you hundreds of items, most of which wouldn't matter.
"Is this the same as what we'd get as a full client?"
No — this is a prospecting scan, which is a subset of what the full vPenTest delivers. Full clients get a CREST-quality penetration test with full QA review, compliance documentation, and ongoing recurring assessments. This gives you a real preview of exposure — the full engagement goes much deeper.
"Can we use this for our cyber insurance application?"
Not for compliance or insurance purposes — this is a prospecting evaluation. Once you're on the full security package, your vPenTest assessments generate documentation that satisfies those requirements. That's actually one of the core benefits of the ongoing service.
Closing to the full package
Moving from prospecting test to full package conversation
"What we showed you today is your external exposure. The next step is running the same methodology from inside your network — that's where attackers do the most damage once they're in. The full security package gives you continuous vulnerability monitoring, recurring pen tests, and full network visibility. Let me walk you through what that looks like."
"We're not ready to commit to a monthly service."
Start with a Network Detective Pro assessment — it's a one-time paid assessment that gives you a complete picture of your network risk. Most clients find the results are enough to make the ongoing service an easy decision. It also gives us both a baseline before we do anything else.
"What does the full package actually cost?"
Pricing is based on your environment size. For context, a traditional penetration test runs $5,000–$30,000 per engagement, once a year. Our model delivers that continuously for a fraction of that cost — and bundles in vulnerability scanning and network assessment. I can put together a quote based on your seat count.
Quick reference — key facts to have ready
Traditional pen test cost: $5,000 – $30,000 per engagement, typically once per year
NTG vPenTest model: Continuous, recurring assessments — fraction of traditional cost
Prospecting test volume: 20 per month included — no IP limitations
External test setup: No agent, no site visit, schedule in 5 minutes
Deliverables per test: Pentest Evaluation Summary PDF + AI Executive Summary + PowerPoint with speaker notes
Can be used for compliance? No — prospecting tests are evaluation tools only. Full vPenTest assessments cover compliance.
Report purge window: 60 days — download and store in IT Glue immediately
Best follow-up offer: Internal prospecting test or Network Detective Pro one-time assessment