While attackers utilize the proxying application and Tor network, it is also possible to write their own custom network port scanner. The following one-line command can be utilized during penetration testing to identify the list of open ports just by using netcat as shown in the following screenshot:

while read r; do nc -v -z $r 1-65535; done < iplist

The same script can be modified for more targeted attacks on a single IP, as follows:

while read r; do nc -v -z target $r; done < ports

The chances of getting alerted in any intrusion detection system using custom port scanners is high.