I don’t have one yet but I would run port scan on it to see what ports are open. I would also run a URL Fuzzer to find secret pages on the server.
This thread might be interesting to you as well. It seems some things are already possible without an api.