Skip to content
recon-web

Notifications

recon-web can notify you when a scheduled scan detects changes from the previous scan. Two channels are supported: Telegram and email. You can enable one or both.

Notification method

Section titled “Notification method”
VariableDefaultDescription
NOTIFY_METHODbothDelivery channel: telegram, email, or both

When set to both, recon-web sends to every channel that has valid credentials configured. A channel with missing or incomplete credentials is silently skipped.

Telegram setup

Section titled “Telegram setup”

  1. Create a bot — open a chat with @BotFather on Telegram and send /newbot. Follow the prompts to choose a name. BotFather will give you a bot token.

  2. Get your chat ID — send any message to your new bot, then open this URL in your browser (replace <TOKEN> with your bot token):

    https://api.telegram.org/bot<TOKEN>/getUpdates

    Look for the "chat":{"id": 123456789} value in the response. That number is your chat ID.

  3. Configure the environment — add both values to your .env file:

    Terminal window
    TELEGRAM_BOT_TOKEN=123456789:ABCdefGHI-jklMNOpqrSTUvwxYZ
    TELEGRAM_CHAT_ID=123456789

Email setup (SMTP)

Section titled “Email setup (SMTP)”

Configure an SMTP server to send email alerts:

VariableExampleDescription
SMTP_HOSTsmtp.gmail.comSMTP server hostname
SMTP_PORT587SMTP port (587 for STARTTLS, 465 for SSL)
SMTP_USERyou@gmail.comSMTP username / email address
SMTP_PASSabcd efgh ijkl mnopSMTP password or app password
NOTIFY_EMAILalerts@example.comRecipient email address for notifications

Gmail-specific instructions

Section titled “Gmail-specific instructions”

  1. Enable 2-Step Verification on your Google account at myaccount.google.com/security.

  2. Generate an App Password at myaccount.google.com/apppasswords. Select “Mail” as the app and “Other” as the device. Google will give you a 16-character password.

  3. Use the app password (not your regular Google password) as SMTP_PASS:

    Terminal window
    SMTP_HOST=smtp.gmail.com
    SMTP_PORT=587
    SMTP_USER=you@gmail.com
    SMTP_PASS=abcd efgh ijkl mnop
    NOTIFY_EMAIL=alerts@example.com

What triggers notifications

Section titled “What triggers notifications”

Notifications are sent when a scheduled scan detects that one or more handler results changed compared to the previous scan of the same URL. Examples of changes that trigger a notification:

  • SSL certificate renewed or expired
  • DNS records added, removed, or modified
  • Security headers added or removed
  • New open ports detected
  • Tech stack version changes
  • WHOIS registrar or expiry date changes

Manual scans (through the web UI, API, or CLI) are saved to history but do not trigger notifications.

Notification format

Section titled “Notification format”

Each notification message lists the changes with their severity:

recon-web: Changes detected


[!!!] ssl / validTo
    was: 2026-03-15T00:00:00Z
    now: 2026-09-15T00:00:00Z


[!] dns / MX
    was: ["10 mail.example.com"]
    now: ["10 mail.example.com","20 backup.example.com"]


[i] tech-stack / technologies
    was: [{"name":"Next.js","confidence":100}]
    now: [{"name":"Next.js","confidence":100},{"name":"Tailwind CSS","confidence":90}]