> For the complete documentation index, see [llms.txt](https://wiki.pentestlist.com/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://wiki.pentestlist.com/offensive-security/web-application/discovery.md).

# Discovery

- [Testing API Keys](https://wiki.pentestlist.com/offensive-security/web-application/discovery/testing-api-keys.md): How to exploit an API key.
- [Vulnerability Scan](https://wiki.pentestlist.com/offensive-security/web-application/discovery/vulnerability-scan.md): How to vulnerability scan a web application and API.
- [Web Content Discovery](https://wiki.pentestlist.com/offensive-security/web-application/discovery/web-content-discovery.md): How to discover files and directories.
- [Parameter Discovery](https://wiki.pentestlist.com/offensive-security/web-application/discovery/parameter-discovery.md): How to discover web parameters.
- [VHOST Discovery](https://wiki.pentestlist.com/offensive-security/web-application/discovery/vhost-discovery.md): How to find virtual hosts on a web server.
- [CMS Scanners](https://wiki.pentestlist.com/offensive-security/web-application/discovery/cms-scanners.md): How to review a Content Management System.
