Is there any way to get or guess smart contract's external (or public) functions if it's not verified?
I've used transaction history to get functions that has been called at least at once, but that's very slow. Maybe there is way to guess from bytecode or something else?
What you are looking for is a bytecode decompiler so that you can retrieve the contract's ABI.
Since the bytecode only contains function signature hashes - in particular, only the last 4 bytes of a function signature hash - retrieving the ABI for bytecode is a try-and-guess-game.
Luckily, there are tools out there that combine different techniques (tx history, decompiling, known function signature databases, etc.) to "guess" a contract's ABI from bytecode and address. For example, have a look at porosity, JEB Decompiler, mythril, Ethervm.io, and whatsabi.
function signature databases: https://www.4byte.directory/signatures/