While attackers utilize the proxying application and Tor network, it is also possible to write their own custom network port scanner. The following one-line command can be utilized during penetration testing to identify the list of open ports just by using netcat as shown in the following screenshot:
while read r; do nc -v -z $r 1-65535; done < iplist
The same script can be modified for more targeted attacks on a single IP, as follows:
while read r; do nc -v -z target $r; done < ports
The chances of getting alerted in any intrusion detection system using custom port scanners is high.