Getting started guide
Whether you're going through a Test Trial or purchased a vPenTest subscription, the steps below will help you get started with our platform. Happy PenTesting!
Overview
Welcome to the vPenTest User Guide. Before we get started, let's cover some terms that will be used in and throughout vPenTest:
- Organization: An organization is basically your client. If you're performing an assessment for Walgreens, then this is your organization in the vPenTest portal.
- My User: These are your consultants/coworkers that will have access to the portal. They will be able to schedule assessments, etc.
- Organization User: These are the user accounts that belong to the organization (aka your client's user accounts). You can invite these users into the portal and they'll only have the ability to watch their assessments, view their organization's trending vulnerabilities, and see reports that you release to them. They won't be able to schedule any assessments
- Agent: An Agent is simply an internal virtual machine or physical device that vPenTest will connect to in order to perform a penetration test on-prem or in the cloud.
- Schedules: A schedule is simply a schedule for your security assessment. You can create scheduled assessments to run assessments based on your preferred time and date preferences.
NOTE If you are performing an internal security assessment, you will need to have an agent deployed. Refer to IP Estimator prior to continuing with this process.

An organization is essentially a client that you’d like to perform a security assessment on.
When creating an organization, it’s important to fill out as many details as possible.
Things such as the organization’s domain name can be used for open source intelligence (OSINT) gathering.
Follow these steps to create an organization:
- Click Organizations in the left navigation menu.
- Click the New Organization button.
- Fill out the New Organization pop-up modal. The following options are presented:
Field | Description |
---|---|
Full Name | The full name of the organization. |
Short Name | The organization’s abbreviation (if any). If none exists, you can use the organization’s full name. |
Industry | Provide your client’s industry category. |
Domain | Used for Open Source Intelligence (OSINT) gathering, this textbox should contain the domain name of the organization. |
Support Email | Optional field, but can be used to send support-related information to the client if necessary (e.g., Agent offline, etc.). |
Time Zone | Provide the organization’s time zone. |
Use Vonahi Security branded deliverables | If you ever want to use Vonahi Security branded deliverables, you can select the checkbox for “Yes”. Otherwise, the reports for this organization will be branded using your organization’s branding (e.g. logo, colors, etc.). |
NOTE If you are conducting an internal security assessment, such as an internal penetration test or vulnerability assessment, then filling out the second tab could be helpful by providing an email address as opposed to memorizing a UUID generated by the Agents.
EXAMPLE For example, for organization A, you could create an alias here called vPenTest@organizationa.com. For organization B, you can use vPenTest@organizationb.com. When you go to register an agent, you'll simply provide these email addresses for their respective organizations, and vPenTest will automatically associate the agents to the appropriate organizations.
It should be noted that this value must be unique, otherwise you'll end up registering agents to the wrong organizations.

A Scheduled Assessment is where you’ll go to configure the necessary requirements for your client’s security assessment. Follow the steps below to schedule an assessment:
- Click Assessments in the left navigation.
- Next, you’ll be presented with a page that allows you to select the Current Assessments or the Future Assessments tab. On the Future Assessments tab, click the New Scheduled Assessment button.
- Fill out the 6-Step Assessment wizard. The wizard that pops up will guide you through setting up your assessment for your client.
- Finally, click Finish and your assessment will be queued.
If you’ve selected for your assessment to start immediately, then your assessment will start 30 minutes after you've confirmed the scheduled assessment. For more information, refer to How soon can I start an assessment?
If you're looking to perform an internal assessment, your next step will be to deploy the vPenTest VM using the Ubuntu ISO within your client's internal network environment. For more information, refer to vPenTest Agent Installation Guide.