摘要： 针对现有探测系统的不足，采用C/S/Database 层次式结构，设计并实现了基于策略的网络脆弱性探测系统。详细讨论了系统的体系结构、探测策略及协作工作流程，扩展设计了脆弱性数据库，提出了一种高效的探测任务调度算法，给出了常规探测、穿透防火墙探测和网络拓扑信息探测等关键功能的实现技术。

关键词: 策略；脆弱性；探测系统

Abstract: According to the defect of current systems, this paper designs and implements a scanner system based on policies with Client/Server/Database hierarchy structure. Firstly the architecture, scan policies and collaboration workflow are discussed, then the extended design of vulnerability database subsystem is provided and an efficient scan task scheduling algorithm is also proposed. Finally the paper presents implementation techniques for conventional scan, firewall penetration scanning and network topological information scan

Key words: Policy; Vulnerability; Scanner system