# Discovery

- [Testing API Keys](/offensive-security/web-application/discovery/testing-api-keys.md): How to exploit an API key.
- [Vulnerability Scan](/offensive-security/web-application/discovery/vulnerability-scan.md): How to vulnerability scan a web application and API.
- [Web Content Discovery](/offensive-security/web-application/discovery/web-content-discovery.md): How to discover files and directories.
- [Parameter Discovery](/offensive-security/web-application/discovery/parameter-discovery.md): How to discover web parameters.
- [VHOST Discovery](/offensive-security/web-application/discovery/vhost-discovery.md): How to find virtual hosts on a web server.
- [CMS Scanners](/offensive-security/web-application/discovery/cms-scanners.md): How to review a Content Management System.