The best way to find bugs (eg: XSS) is with Google dorks as it makes more easier and faster.
When you search in Google, you can include search operators in the entry field to narrow down your search to find different endpoints.
First start with listing out subdomins
site:site.com (returns results from certain sites or domains)
If you are looking for specific files
filetype: (searches for exact file type like php,txt)
Search for different parameter names,
inurl: (searches for specific text in the indexed URL like id, uid, cart, buy)
Search for file upload/download
intitle: (searches for query terms in the page’s title like upload, upload)
Targeting shopping, carts etc,.:
inurl:”.php?id=” intext:”View cart”
For more on Dorks, nothing will be better than this:
Some lists to find admin panel and 4500 dorks to get XSS easy you can download it from this URL (via https://blog.securitybreached.org)