Research on the Scenario of the Active Scanning of Web Vulnerability
Received date: 2008-09-15
Revised date: 2008-12-10
Online published: 2010-03-10
YU Jie, LI Zhoujun, ZHANG Chongbin, LI Qiang. Research on the Scenario of the Active Scanning of Web Vulnerability[J]. Computer Engineering & Science, 2010, 32(3): 31-34. DOI: 10.3969/j.issn.1007130X.2010.
Web vulnerability scanning has recently come to play an important role in network security. However, the most popular open-source web vulnerability scanners, such as Nikto and Nessus, have been criticized for their high false-alarm rates, inaccurate evaluation and low scanning efficiency. In this paper, the process of vulnerability scanning is modeled accurately and a new scenario-based scanning strategy is presented. A vulnerability scenario is described by a scenario tree. Algorithms for constructing and maintaining scenario trees in vulnerability databases are also proposed. Finally, we analyze the vulnerability database of Nikto and demonstrate how to construct a scenario tree from its vulnerability records. We prove and validate that the scenario-based scanning strategy can improve the efficiency and veracity of vulnerability scanning.