Loading…
Jan 19, 2038 · 03:14:07 UTC  ·  remaining
Vulnerable Possible Unknown Safe
🚨
Need Immediate Action
Systems confirmed vulnerable or with app-level risk
🔍
Need Investigation
Likely affected or unverified — review these next
Safe or Resolved
Confirmed 64-bit safe, cleared, or remediated
💼Business Impact
Revenue at Risk (annual)
Critical Systems Affected
Remediation Rate
Total Assets Tracked
Progress
0 of 0 fixed
Quick Actions
🎯Priority Items to Fix sorted by criticality & revenue
🎯
No at-risk assets yet
Time to Y2038
Jan 19, 2038 · 03:14:07 UTC
Confirmed + App Risk
require immediate action
Possibly Impacted
need investigation
Total in Scope
hosts tracked
Remediation Rate
of at-risk hosts resolved
Confirmed 32-bit
HIGH RISK
App-Level Risk
APP OVERFLOW
Possibly Impacted
MEDIUM RISK
Unknown / Unverified
NEEDS REVIEW
Not Impacted (64-bit)
SAFE
Cleared / Excluded
VERIFIED
Offline / No Response
UNREACHABLE
Triage
discovered
suspected
Confirmed
validated
vendor
Remediation
planned
in progress
Resolved
safe · exception
retired
Top Priority Assets by tech confidence
🎯
No at-risk assets
IP Address Hostname / Asset Status Lifecycle Ports Business Context Actions
Loading assets…
0 selected | Status: | Lifecycle: |
🔬
Analyst Workbench — high-confidence findings sorted by technical evidence strength. Each finding shows three separate risk scores and evidence confidence tier labels ([CONFIRMED] = credentialed proof, [HEURISTIC] = banner pattern, [INDICATOR] = correlating signal).
IP / Asset Detection Status Lifecycle State Evidence Quality Tech Confidence Exposure Severity Business Priority Actions
🔬
Loading…
🔧
Engineer Fix Queue — assets that require action, grouped by remediation state and exposure severity. Focus on validated_affected and suspected assets first. Use the lifecycle selector to advance an asset through the remediation workflow.
IP / Asset Detection Status Lifecycle State Owner / BU Criticality Advance State Actions
🔧
Loading…
🔍Launch Network Scan

Scan IP ranges for Y2038 vulnerability indicators. Results are stored in the dashboard. Requires network access from the server running this application.

🕐Recent Scans
Loading…
📂Import Asset File(s)

Upload CSV or JSON exports from your asset management tools (CrowdStrike, Qualys, Armis, etc.). The scanner will automatically detect Y2038 indicators in OS, architecture, and version fields. Multiple files can be uploaded simultaneously — duplicates are automatically merged by IP address.

📁

Click to browse or drag & drop files here

Accepts .csv, .json, .xml (Nmap) · Multiple files allowed · Max 50 MB each

🕐Import History
Loading…
💡
Click any asset to annotate it with business context — owner, business unit, estimated revenue impact, criticality, and remediation timeline. This data feeds into the Executive PDF report.
IP Address Asset Name Y2038 Status Criticality Business Unit Revenue Impact Remediation ETA Context
🏢
Loading assets…
⚠️
The executive report is generated from all assets currently in the dashboard, including their business context and revenue impact data. For the best report, ensure you have annotated critical assets in the Business Context tab first.
⚙️Report Configuration
📋Report Contents
✅  Executive Summary with risk scorecard
✅  Year 2038 problem explanation
✅  Risk exposure detail table (all at-risk assets)
✅  Business impact analysis (with revenue data)
✅  Remediation roadmap (3-phase)
✅  Third-party tool integration guide
✅  Appendix: complete asset inventory
📊Current Data Summary
Loading data summary…

PDF will be downloaded automatically · May take a few seconds to generate

🗄️Database Live
Danger Zone
Clear all data
Permanently delete all assets, scans, imports, and events from the live database.
🚫Ignored Assets 0

Ignored assets are kept in the database but excluded from all reports and dashboards. Use this to suppress false positives or out-of-scope systems without losing their history.

No ignored assets.
🔔Outbound Webhooks

Webhooks fire an HTTP POST to your URL when a scan completes. The body is JSON; if a secret is set, an X-Y2038-Signature header containing sha256=HMAC(secret, body) is included for verification.

Loading…
💾Configuration Backup & Restore

Export all business context annotations and asset lifecycle states to a JSON file. Restore from a previous export to pick up where you left off — useful for moving between environments or sharing annotated data with teammates.

Downloads contexts + lifecycle states as JSON
Merges contexts from a previous export
ℹ️About
Year 2038 Vulnerability Scanner — web dashboard
Detects systems at risk from signed 32-bit Unix timestamp overflow on January 19, 2038 at 03:14:07 UTC.

Detection covers network banners, TLS certificate expiry, SSH credentialed probing, CSV/JSON imports, and live API integrations with Tenable, CrowdStrike, Qualys, Armis, Rapid7, Wazuh, and ServiceNow CMDB.

Notices:
• This project was developed with AI assistance. Detection logic should be validated by a qualified security engineer.
• API integrations are community-maintained and not vendor-certified. See README for limitations.
• AI features transmit asset data to third-party providers. Review your data policy before enabling.
• For authorized use only. Unauthorized scanning may violate computer fraud laws.

Live demo: epoch-fail.com  ·  Source: github.com/tking4808/2038

Data Source Integrations

BETA

Connect security tools via API to pull live asset inventory. Credentials are encrypted at rest (AES-256).

⚠️
Beta — not vendor-certified. These connectors are community-maintained and have not been validated by Tenable, CrowdStrike, Qualys, Armis, Rapid7, Wazuh, or ServiceNow. API response shapes vary by version; always verify synced data against your authoritative source. Disabling TLS verification (verify_ssl=false) is only safe on trusted network segments. Rotating SECRET_KEY will invalidate all stored credentials.
🔒Network Security
🔗Configured Integrations
Loading…
📦Available Providers
Loading…
🤖
AI output is informational only — not security advice. AI-generated analysis, remediation steps, and risk narratives must be reviewed by a qualified security engineer before acting on them. AI models may hallucinate CVE references, patch links, or version numbers.
Data privacy: Asset data (IPs, hostnames, OS strings, business context) is sent to the AI provider's API. Do not enable AI features if your data classification policy prohibits sending asset inventory to third-party cloud services. No credentials or API keys are ever included in AI prompts.
🔑AI Provider Configuration

Connect a provider to unlock AI analysis, risk narratives, and remediation guidance. API keys are encrypted at rest (AES-256) and never sent to the browser.

Not configured
AI Features
🔬
Asset Risk Analysis
Click "AI Analyze" on any asset in the dashboard to get a detailed Y2038 vulnerability assessment and remediation steps specific to that system.
Available in Asset Detail
📝
Executive Narrative
Generate a board-ready executive summary of your Y2038 exposure, quantifying risk and recommending immediate actions.
📋
Remediation Prioritizer
AI ranks your vulnerable assets by business impact, environment, and risk score — outputting a phased remediation plan.
💬
Inventory Q&A
Ask natural language questions about your asset inventory: "Which production servers are confirmed vulnerable?"