• Journal of the China Computer Federation
  • Chinese Science and Technology Core Journal
  • Chinese Core Journal
Article

Research on the Scenario of the Active Scanning of Web Vulnerability

  • TU Jie,
  • LI Zhou-Jun,
  • ZHANG Chong-Bin,
  • LI Jiang
  • (School of Computer Science, National University of Defense Technology, Changsha 410073)

Received date: 2008-09-15

  Revised date: 2008-12-10

  Online published: 2010-03-10

Abstract

Web vulnerability scanning has recently come to play an important role in network security. However, the most popular open source web vulnerability scanners, such as Nikto and Nessus, have been criticized for their high false-alarm rates, inaccurate evaluation and low scanning efficiency. In this paper, the process of vulnerability scanning is modeled accurately and a new scenario-based scanning strategy is presented. A vulnerability scenario is described by a scenario tree. Algorithms for constructing and maintaining scenario trees in vulnerability databases are also proposed. Finally, we analyze the vulnerability database of Nikto and demonstrate how to construct a scenario tree using its vulnerability records. We prove and validate that the scenario-based scanning strategy can improve the efficiency and accuracy of vulnerability scanning.

Cite this article

TU Jie, LI Zhou-Jun, ZHANG Chong-Bin, LI Jiang. Research on the Scenario of the Active Scanning of Web Vulnerability[J]. Computer Engineering & Science, 2010, 32(3): 31-34. DOI: 10.3969/j.issn.1007130X.2010.
