The invention belongs to the technical field of network security and specifically relates to a web vulnerability scanning method. The method comprises the following steps: crawling a URL of a to-be-scanned website and storing the URL in a to-be-scanned queue; performing web fingerprint identification on the URL in the to-be-scanned queue to obtain fingerprint information of the website; and calling the scanning tool corresponding to that fingerprint information to scan the to-be-scanned website. For a periodic scanning task, whether a page has changed is judged by calculating whether the MD5 value of the current page is identical to the MD5 value recorded last time; if the page has not changed, it does not need to be scanned again, which saves a lot of time. In addition, before a to-be-scanned task is scanned, fingerprint identification is first executed for the URL to obtain the fingerprint information corresponding to the URL, and the plugin corresponding to that fingerprint information is called to scan the page. This avoids calling all the plugins to scan each task and saves a lot of time.
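The two time-saving checks described above, as an added example that is not part of the original abstract: a planner that skips pages whose MD5 is unchanged since the last run and selects plugins by fingerprint. The fingerprint rules, plugin names, sample responses and the blanking of a `csrf_token` field before hashing are assumptions made for illustration.

```python
import hashlib
import re

# Constructed fingerprint rules: name -> predicate over (headers, body).
FINGERPRINTS = {
    "wordpress": lambda h, b: "/wp-content/" in b,
    "nginx": lambda h, b: h.get("Server", "").lower().startswith("nginx"),
}

# Hypothetical plugin names keyed by fingerprint; "generic" runs on every page.
PLUGINS = {
    "wordpress": ["wp_version_check", "wp_plugin_inventory"],
    "nginx": ["nginx_config_check"],
    "generic": ["security_headers_check"],
}

# Assumption: per-request tokens are blanked so they do not defeat the comparison.
VOLATILE = re.compile(r'(name="csrf_token" value=")[^"]*')


def page_md5(body):
    """MD5 of the page body, used only as a change detector, not for integrity."""
    stable = VOLATILE.sub(r"\1", body)
    return hashlib.md5(stable.encode("utf-8")).hexdigest()


def fingerprint(headers, body):
    """Return the sorted names of all fingerprints matching this response."""
    return sorted(n for n, rule in FINGERPRINTS.items() if rule(headers, body))


def plan_scan(pages, last_md5):
    """Map each changed URL to the plugins to run; update last_md5 in place."""
    plan = {}
    for url, (headers, body) in pages.items():
        digest = page_md5(body)
        if last_md5.get(url) == digest:
            continue  # unchanged since the last periodic run: skip
        last_md5[url] = digest
        selected = [p for n in fingerprint(headers, body) for p in PLUGINS[n]]
        plan[url] = selected + PLUGINS["generic"]
    return plan

# Constructed sample responses: url -> (headers, body).
SAMPLE = {
    "http://site.example/": ({"Server": "nginx/1.24"},
        '<link href="/wp-content/a.css"><input name="csrf_token" value="abc">'),
    "http://site.example/about": ({"Server": "nginx/1.24"}, "<p>About</p>"),
}
```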