The invention provides a network penetration testing method. The method comprises the steps that 1, a network attack path is established according to the accessibility among different network segments on the basis of an existing network topology and vulnerability information list; 2, the network attack path is traversed, every two adjacent network segments belong to a group, and a single-vulnerability exploitation model (SVEM) is constructed for each vulnerability of an attack target by taking one host in the previous network segment as an attacker and taking one host in the latter network segment as the attack target; 3, the SVEM is synthesized on the basis of a backward search algorithm, and an attack graph from the attaching host to the target host is constructed; 4, all possible attack paths are decomposed according to the attack graph, and attacking is conducted for vulnerabilities in all the paths to obtain an effective attack path. According to the network penetration testing method, the attack path can be automatically planned according to a network environment, an automatic penetration attacking scheme can be achieved, penetration testing is rapidly and efficiently conducted on a target system, and a large quantity of manpower and material resources are saved.