This tool is focused on detecting GDPR violation on website to automate later complaint sending to national DPA

Ruby 3 or later Chrome headless (used by Selenium)

Software released under AGPLv3+ license

Get a GeoIP MaxMind free license https://www.maxmind.com/en/account/login.

$ cat > ~/.config/GeoIP.conf <EOF
AccountID <MaxMind account ID>
LicenseKey <MaxMind license key>
EditionIDs GeoLite2-ASN GeoLite2-City GeoLite2-Country
EOF
$ bundle install
$ bundle exec rake

$ bundle exec ./bin/acnihilator inspect <url of the website to test>

To avoid installing ruby environment, you can use Docker to build an image directly usable:

  docker build .

A pre-build version is provided on Docker Hub. (Publishing MaxMind geoip database is not allowed, so you need to have one on your host computer and to volume-mount it on the running container, so the -v usage.)

  docker run --rm -it -v ./GeoLite2-Country.mmdb:/app/GeoLite2-Country.mmdb \
    aeris22/acnihilator inspect --no-save https://imirhil.fr/

This script uses Selenium with a headless browser to intercept all HTTP requests done on a given website.

From this collection, it tries to detect GDPR violation:

• Usage of US services, violating Schrems II CJEU decision

  • GeoIP database for IP country location
  • Whois service for organization identification

• Deposit of identifying cookies without consent

• Usage of prohibited services like reCaptcha, hCaptcha, Cloudflare, Stripe, Mailchimp…