The invention discloses a software vulnerability detection method based on simulation attack. Function information related to sensitive operation is acquired through a static disassembling tool, and the processes of monitoring, attack simulation, attack influence analysis and the like are realized by using a dynamic inserting pile platform. The method mainly comprises the following steps: (1) executing static analysis to obtain program information; (2) dynamically executing a program, and detecting sensitive function calling; (3) analyzing an attack implementation condition; (4) executing simulation attack; (5) analyzing attack influences, and making a vulnerability judgment according to an attack influence result. In specific implementation, simulation attack is performed on the program by adopting a symbolic link, a corresponding vulnerability type is type I file access vulnerability, and through utilizing the vulnerability, a local attacker updates the program through the symbolic link to access a file as expected, so that access to file resources beyond the right of the attacker is realized.