The invention discloses a loophole scanning method, device and system. The method comprises the following steps: obtaining a plurality of user requests by a plurality of loophole scanning nodes, wherein each loophole scanning node obtains at least one user request, and the plurality of user requests are generated by users when accessing web pages; performing loophole scanning on the plurality of user requests by the plurality of loophole scanning nodes at the same time to obtain a scanning result of each user request, wherein the scanning result comprises whether a system corresponding to each user request has a loophole and the type of the loophole; and sending the scanning result of each user request to a data collection server by the plurality of loophole scanning nodes, wherein the data collection server summarizes the scanning result of each user request to a loophole scanning result. By adoption of the loophole scanning method, device and system disclosed by the invention, the technical problem that the loophole scanning method in the prior art is a single scanning mode, resulting in a long scanning time, is solved.