The way Apple intends for you to do this is to use XCode’s Validation feature. When you’re submitting an app, you build for achiving (or Archive from the XCode menu). Then, you open up Organizer to see the archive you just created. At this point, you can press the Validate button in Organizer. That will perform a validation, without actually submitting the app. It will tell you if you’re using Private APIs. Depending on how you use them, it might identify what the violation is:

There’s definitely ways that code can fool this validation step, and “get away” with using Private APIs until the reviewer looks at the bundle. But, as far as I know, those ways would all be intentional methods of hiding Private API usage, and it sounds like you’re trying to discover accidental usage.

If you fail this Validation test, then you might want to use something like AppScanner, mentioned in alan duncan’s answer. But, for completeness, I wanted to make sure people knew that this Validation step is available in XCode, and checking for Private API usage is one of the things it’s doing before you submit (and have to wait a few days to be told what you did wrong). Also, even if you don’t use the Validate button in Organizer, but just use Submit, the tool is performing a Validation for you. The only difference is whether the bundle actually gets uploaded to iTunes Connect.