Inspiration
Phishing attacks are one of the most common cybersecurity threats today. Many fake websites look exactly like real ones, and users often cannot tell the difference. This leads to people unknowingly entering passwords, banking details, or personal information on malicious sites.
I wanted to build something simple and practical that helps users make better decisions before interacting with a website. The goal was not just to detect threats, but also to explain them in a way that anyone can understand.
What it does
Zero-Day Sandbox is an AI-powered phishing detection system.
It scans a website and determines whether it is Safe, Suspicious, or Malicious using multiple signals such as:
- Domain reputation and age
- SSL certificate validation
- URL pattern analysis
- HTML content analysis
- Screenshot-based inspection
- VirusTotal threat intelligence
The system then uses Google Gemini to analyze all of this information together and generate:
- A final risk score
- A clear classification
- Human-readable explanations
- User safety advice
How I built it
The system is built as a desktop application using Python.
- CustomTkinter is used for the UI
- Playwright is used to open and capture live website screenshots
- BeautifulSoup is used to analyze HTML content
- RDAP lookup is used to check domain age
- VirusTotal API is used for threat intelligence
- Google Gemini API is used for multi-step reasoning
The pipeline processes the website step by step and combines all signals into a final decision.
Role of Gemini
Google Gemini plays a central role in the system.
Rather than being used as a chatbot, Gemini is integrated directly into the detection pipeline, where it analyzes the screenshot and the structured security data together.
Gemini helps to:
- Understand visual phishing patterns
- Combine multiple signals into a final judgment
- Generate clear explanations
- Provide safety advice to users
This makes the system more intelligent and explainable.
Challenges I ran into
One of the biggest challenges was combining multiple signals into a meaningful result.
Each signal alone is not enough to detect phishing accurately. So I had to design a pipeline that processes domain data, HTML content, and visual information together.
Another challenge was ensuring that Gemini responses are structured and reliable, especially when extracting JSON outputs for scoring and explanations.
Handling real-time browser automation and making the UI responsive was also challenging.
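An added example of the structured-output problem described in the challenges above (not the project's own prompt or parsing code): locate a JSON object inside a free-form model reply, validate the required fields and the allowed label set, clamp the score into range, and flag verdicts whose numeric score disagrees with their label so they can be reviewed rather than shown to the user as-is. The field names, the score bands and the sample replies are constructed assumptions.

```python
"""Extract and validate a JSON verdict from free-form model text.

Added example; not the project's prompt or parsing code. Field names
(risk_score, classification, explanation, advice) and score bands are assumptions.
"""
import json
import re

ALLOWED_LABELS = ("Safe", "Suspicious", "Malicious")
REQUIRED_FIELDS = {"risk_score", "classification", "explanation", "advice"}


class VerdictError(ValueError):
    """Raised when the model reply cannot be turned into a trustworthy verdict."""


def _candidate_json(text):
    """Prefer a fenced ```json block; otherwise take the first balanced {...} span."""
    m = re.search(r"```(?:json)?\s*(\{.*?\})\s*```", text, re.S)
    if m:
        return m.group(1)
    start = text.find("{")
    if start == -1:
        raise VerdictError("no JSON object in response")
    depth = 0
    for i in range(start, len(text)):
        if text[i] == "{":
            depth += 1
        elif text[i] == "}":
            depth -= 1
            if depth == 0:
                return text[start:i + 1]
    raise VerdictError("unbalanced JSON object")


def parse_verdict(text):
    """Parse, validate and normalise a verdict; never trust the label alone."""
    try:
        data = json.loads(_candidate_json(text))
    except json.JSONDecodeError as e:
        raise VerdictError(f"invalid JSON: {e}") from None
    if not isinstance(data, dict):
        raise VerdictError("top-level value is not an object")
    missing = REQUIRED_FIELDS - data.keys()
    if missing:
        raise VerdictError(f"missing fields: {sorted(missing)}")
    try:
        score = float(data["risk_score"])
    except (TypeError, ValueError):
        raise VerdictError("risk_score is not numeric") from None
    score = max(0.0, min(100.0, score))  # clamp into the documented range
    label = str(data["classification"]).strip().capitalize()
    if label not in ALLOWED_LABELS:
        raise VerdictError(f"unknown classification {label!r}")
    # Assumed score bands; a label outside its band is marked inconsistent.
    band = "Malicious" if score >= 70 else "Suspicious" if score >= 40 else "Safe"
    return {
        "risk_score": score,
        "classification": label,
        "explanation": str(data["explanation"]).strip(),
        "advice": str(data["advice"]).strip(),
        "consistent": band == label,
    }


def is_rejected(text):
    """True when parse_verdict refuses the reply (used by the checks below)."""
    try:
        parse_verdict(text)
        return False
    except VerdictError:
        return True


# Constructed sample replies (not real model output).
FENCED_REPLY = ('Here is my analysis:\n```json\n{"risk_score": 87, '
                '"classification": "malicious", "explanation": '
                '"Login form posts to a different host.", '
                '"advice": "Do not enter credentials."}\n```')
PLAIN_REPLY = ('Risk assessment: {"risk_score": "12", "classification": "Safe", '
               '"explanation": "Long-lived domain, valid certificate.", '
               '"advice": "No action needed."} Let me know if you want more.')
MISMATCH_REPLY = '{"risk_score": 95, "classification": "Safe", "explanation": "x", "advice": "y"}'
NO_JSON_REPLY = "I cannot determine a verdict for this page."
MISSING_FIELDS_REPLY = '{"risk_score": 10, "classification": "Safe"}'

if __name__ == "__main__":
    for reply in (FENCED_REPLY, PLAIN_REPLY, MISMATCH_REPLY):
        print(parse_verdict(reply))
```

Requesting a JSON-only response format from the API reduces how often the fence-stripping path is needed, but the field, range and consistency checks still belong in the application: a reply that parses is not the same as a reply that is safe to show.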
What I learned
Through this project, I learned:
- How phishing detection works in real-world systems
- How to combine multiple security signals effectively
- How to use browser automation for live analysis
- How to integrate AI models like Gemini into a real application
- The importance of explainability in cybersecurity tools
What's next for Zero-Day Sandbox
In the future, I would like to:
- Add browser extension support
- Improve real-time detection speed
- Expand threat intelligence sources
- Add more advanced phishing detection techniques
- Deploy it as a web-based tool for wider accessibility
Built With
- api
- beautiful-soup
- customtkinter
- gemini
- pillow
- playwright
- python
- rdap
- virustotal