The invention relates to a vulnerability scanning system based on Internet of Things (IoT) terminal equipment, and a method implemented by the system. The system comprises a target network, a sniffing analysis module, and a vulnerability scanning module, wherein the target network establishes a communication service network between a source communication end and terminals; the sniffing analysis module carries out capturing and analysis of data packets of the communication service network; and the vulnerability scanning module carries out actual attacks on the target network, returns results and process information generated by attack data, and detects whether a vulnerability exists or not according to feedbacks of the target network. The system and the method provided by the invention have the advantage that hardware, software and relevant data of an information or network system can be protected from damages, alternations or leakages caused by functions of terminal systems or vicious invasions.