That seems very reasonable to me. It seems like the pentest companies I have worked with in the past charge that much and just do a lazy nmap/metasploit scan and wrap it into a nice PDF.