# Identifying Target Endpoints for Scans

:::info
The features covered in this tutorial are only available to organizations that have subscribed to the Web Application Security Testing feature.
:::

Shisho Cloud supports the following methods for identifying target endpoints for application scans:

- [Importing from OpenAPI Specification](/docs/g/getting-started/register-web-applications/collect-endpoints/openapi/index.md)
- [Importing from GraphQL Schema](/docs/g/getting-started/register-web-applications/collect-endpoints/graphql/index.md)
- [Importing from Connect RPC](/docs/g/getting-started/register-web-applications/collect-endpoints/connectrpc/index.md)
- [Crawling](/docs/g/getting-started/register-web-applications/collect-endpoints/crawling/index.md)

For details on each method, please refer to the links above.

If you want to exclude specific endpoints from the scan targets, please refer to the following link:

- [Excluding Endpoints from Scans](/docs/g/getting-started/register-web-applications/collect-endpoints/exclusion/index.md)