Abstract: The paper introduces the current severe state of Web security and raises the need to design Web vulnerability scanning software. It then analyzes the Web crawler, the construction of the website structure tree, and the detection methods for SQL injection, XSS, integer overflow and URL redirection, which provides the basis for developing the system successfully. The paper also describes the software architecture and the design of its modules. The final testing results prove that the software is able to detect the common types of vulnerabilities rapidly and comprehensively. The software has been published.