The potential harm of hidden endpoints, which often include sensitive functions, unreleased features, and administrator-only actions, is highlighted by Abhijeet Kumawat in this technical article.
He suggests employing LinkFinder to perform a passive discovery using JavaScript analysis to find these endpoints.
This method entails extracting URLs from JavaScript files via regex-based scanning, searching for suspect endpoints like /admin, /debug, /beta, or odd API routes, and doing so.
Kumawat especially notes how to exploit discovered endpoints in order to expose sensitive data.