Project Inspiration:

Our inspiration for this project was giving people access to an online privacy checker in the midst of many public data leaks, such as Discord, Persona, and more.

Project Overview:

Our project takes user input of varying kinds of passwords, IP addresses, and email addresses, and outputs a calculated privacy score that informs the user of the state of their current online security.

What we did:

We leveraged multiple external API's in order to cross-reference the user-inputted data with public databases. HaveIBeenPwned, AbuseIPDB, and Xposed were all external API's with access to large databases that were used to check the safety of the user's inputted data. This was then turned into calculated safety scores, which were fed into Gemini AI along with the raw data we also took from the API's. Gemini was then able to create a script for ElevenLabs to turn into an audio recording that the user could play to read the summary out. We used MongoDB to store the users' inputs, scores (both total & each input's individual score), and other useful information. The frontend aspect of our project was done with React and includes data visualizations to display the user's score data, along with API docs to show the stored data in MongoDB.

Challenges we ran into:

We ran into three main challenges. First, handling encrypted data from the React frontend broke our backend test scripts until we built dedicated, unencrypted testing routes. Second, we struggled with Docker networking, specifically getting our asynchronous MongoDB driver (motor) to reliably boot up and inject into the FastAPI routes without crashing. Finally, chaining multiple third-party APIs together meant we had to engineer strict error fallbacks so our entire app wouldn't crash just because ElevenLabs or an OSINT database temporarily hit a rate limit

Accomplishments that we're proud of:

Our most impressive accomplishment is how we engineered the architecture to handle so many moving parts in milliseconds. We didn't build a standard, slow scanner. Instead, we used high-concurrency loops to blast four different threat databases simultaneously, instantly pipe that raw intelligence into Google Gemini for a custom analysis, and then dynamically stream that text into a lifelike audio briefing using ElevenLabs. We essentially built an automated, real-time AI security anchor that never blocks the frontend and gracefully survives even if a third-party API crashes.

What we learned:

This project taught us how to seamlessly combine raw threat intelligence with generative AI into a single, user-friendly platform. We learned how to pull isolated data from massive security databases—like Have I Been Pwned and AbuseIPDB—and intelligently synthesize those alerts through Google Gemini to generate clear, actionable advice. Structuring that data directly into life-like audio through ElevenLabs showed us how to make cybersecurity completely accessible rather than intimidating. Finally, wiring up the entire system to securely record scan histories in MongoDB taught us the practical importance of safely handling deeply sensitive user data.

What's next for HackMerced Personal Vulnerability Checker:

We hope to expand more on the MongoDB database, and have relative scores to compare users with each other. We also hope to implement this as an API so that future developers can also apply our findings into their projects!

Built With

Share this project:

Updates