I can open a locked 2000 VW Golf with a flathead screwdriver. I want to steal a car, so I walk through a car park with my screwdriver looking for Golfs. I do so by looking in each parking space.
I’m not looking for the parking spaces, I’m looking in each parking space to see if it has a 2000 VW Golf. Once I find one, I can exploit the door lock’s vulnerability and unlock the car. I could wander around the parking lot in the dark and blindfolded, jamming my screwdriver into anything that feels like metal, but that’s just silly.
Port scanning identifies network services running on a host so that the attacker can exploit vulnerabilities in the service. (source) Trying to run random exploits on random ports is just silly.