suspected
vendor
in progress
retired
| IP Address | Hostname / Asset | Status | Lifecycle | Ports | Business Context | Actions | |
|---|---|---|---|---|---|---|---|
|
Loading assets…
| |||||||
| IP / Asset | Detection Status | Lifecycle State | Evidence Quality | Tech Confidence | Exposure Severity | Business Priority | Actions |
|---|---|---|---|---|---|---|---|
|
Loading…
| |||||||
| IP / Asset | Detection Status | Lifecycle State | Owner / BU | Criticality | Advance State | Actions |
|---|---|---|---|---|---|---|
|
Loading…
| ||||||
Scan IP ranges for Y2038 vulnerability indicators. Results are stored in the dashboard. Requires network access from the server running this application.
Upload CSV or JSON exports from your asset management tools (CrowdStrike, Qualys, Armis, etc.). The scanner will automatically detect Y2038 indicators in OS, architecture, and version fields. Multiple files can be uploaded simultaneously — duplicates are automatically merged by IP address.
Click to browse or drag & drop files here
Accepts .csv, .json, .xml (Nmap) · Multiple files allowed · Max 50 MB each
| IP Address | Asset Name | Y2038 Status | Criticality | Business Unit | Revenue Impact | Remediation ETA | Context |
|---|---|---|---|---|---|---|---|
|
Loading assets…
| |||||||
✅ Year 2038 problem explanation
✅ Risk exposure detail table (all at-risk assets)
✅ Business impact analysis (with revenue data)
✅ Remediation roadmap (3-phase)
✅ Third-party tool integration guide
✅ Appendix: complete asset inventory
PDF will be downloaded automatically · May take a few seconds to generate
Ignored assets are kept in the database but excluded from all reports and dashboards. Use this to suppress false positives or out-of-scope systems without losing their history.
Webhooks fire an HTTP POST to your URL when a scan completes. The body is JSON; if a secret
is set, an X-Y2038-Signature header containing
sha256=HMAC(secret, body) is included for verification.
Export all business context annotations and asset lifecycle states to a JSON file. Restore from a previous export to pick up where you left off — useful for moving between environments or sharing annotated data with teammates.
Detects systems at risk from signed 32-bit Unix timestamp overflow on January 19, 2038 at 03:14:07 UTC.
Detection covers network banners, TLS certificate expiry, SSH credentialed probing, CSV/JSON imports, and live API integrations with Tenable, CrowdStrike, Qualys, Armis, Rapid7, Wazuh, and ServiceNow CMDB.
Notices:
• This project was developed with AI assistance. Detection logic should be validated by a qualified security engineer.
• API integrations are community-maintained and not vendor-certified. See README for limitations.
• AI features transmit asset data to third-party providers. Review your data policy before enabling.
• For authorized use only. Unauthorized scanning may violate computer fraud laws.
Live demo: epoch-fail.com · Source: github.com/tking4808/2038
Data Source Integrations
BETAConnect security tools via API to pull live asset inventory. Credentials are encrypted at rest (AES-256).
verify_ssl=false) is only safe on trusted network segments.
Rotating SECRET_KEY will invalidate all stored credentials.
Data privacy: Asset data (IPs, hostnames, OS strings, business context) is sent to the AI provider's API. Do not enable AI features if your data classification policy prohibits sending asset inventory to third-party cloud services. No credentials or API keys are ever included in AI prompts.
Connect a provider to unlock AI analysis, risk narratives, and remediation guidance. API keys are encrypted at rest (AES-256) and never sent to the browser.