Sms Bomber Github Iran · Essential
The Islamic Republic of Iran's Cyber Crimes Law (passed 2009, amended 2017) explicitly criminalizes:
# Simplified example of an SMS bomber logic (do not deploy) import requests import timetarget = "+98912XXXXXXX" apis = [ "https://api.kavenegar.com/v1/sender/send", "https://ippanel.com/api/select", "https://sms.ir/send" ]
while True: for api in apis: try: requests.post(api, data="number": target, "text": "Test", timeout=2) except: pass time.sleep(0.5)
The existence and sharing of SMS bomber tools on GitHub highlight the complexities of open-source development and the challenges of regulating digital activities across different jurisdictions. While developers may create such tools for educational or testing purposes, their misuse poses significant concerns. Users and developers alike must navigate these issues with an understanding of both the technical capabilities of these tools and the legal and ethical implications of their use.
Recommendations:
Understanding the intersection of technology, law, and ethics is crucial in navigating the implications of tools like SMS bombers and their development and sharing on platforms such as GitHub, particularly within specific contexts such as Iran.
SMS Bomber: A Threat to Mobile Security
Introduction
In recent years, the proliferation of mobile devices has led to an increase in mobile-based threats. One such threat is the SMS Bomber, a type of malware that sends a large number of SMS messages to a victim's phone, often with the intention of overwhelming their phone's battery life or clogging their inbox. In this report, we will explore the concept of SMS Bombers, their presence on GitHub, and their connection to Iran.
What is an SMS Bomber?
An SMS Bomber is a type of malware or script that sends a large number of SMS messages to a victim's phone. These messages can be spam, phishing attempts, or even malicious links. The goal of an SMS Bomber can vary, but common objectives include:
SMS Bombers on GitHub
GitHub, a popular platform for developers to share and collaborate on code, has become a hub for various types of projects, including those with malicious intent. A search for "SMS Bomber" on GitHub reveals a number of repositories that claim to offer SMS bombing capabilities.
Some of these repositories are:
While these repositories may claim to be for educational purposes or testing, they can still be used for malicious activities.
Connection to Iran
There have been reports of SMS Bombers being used in Iran to target citizens. In 2019, a group of researchers discovered a number of SMS Bomber repositories on GitHub that were linked to Iranian IP addresses. Further investigation revealed that these repositories were being used by Iranian individuals to target victims within the country.
The use of SMS Bombers in Iran is particularly concerning, as the country has a history of internet censorship and surveillance. The Iranian government has been known to use various forms of cyber attacks and malware to target its citizens, and SMS Bombers are just one tool in their arsenal.
Conclusion
SMS Bombers are a type of malware that can have serious consequences for mobile device users. Their presence on GitHub and connection to Iran highlight the need for increased awareness and caution when it comes to mobile security. By understanding the risks and taking steps to protect ourselves, we can reduce the threat of SMS Bombers and other mobile-based threats.
Recommendations
Future Research Directions
By continuing to research and address the threat of SMS Bombers, we can work towards a safer and more secure mobile ecosystem.
The neon sign of the cyber-cafe flickered, casting a restless, electric hum over the back alley in downtown Tehran. Outside, the night air was thick with the scent of roasted pistachios and exhaust fumes, but inside, the air was stale and conditioned. Amir sat in a corner booth, the blue light of his monitor washing over his tired face.
On his screen, a repository page glowed. He had found it deep in the archives of GitHub, a digital ghost town of forgotten projects. The title was crude: persian-sms-bomber-v2.
It was a script kid’s tool—clumsy, brute-force, and effective. It utilized a list of Iranian telecom APIs that allowed for automated verification requests. It hammered a phone number with hundreds of texts per minute, rendering the device useless, a symphony of vibrations that drowned out everything else.
Amir hadn't written the code. He was a developer, a builder, not a destroyer. But tonight, he was a user.
He checked the number scrawled on a napkin beside his keyboard. It belonged to "The Shark," a mid-level lender who had already broken the fingers of Amir’s younger brother for a debt that had doubled overnight due to imaginary interest rates. The police wouldn't help; The Shark knew people. The system was rigged.
Amir cracked his knuckles. He wasn't a violent man, but he knew the anatomy of a digital network. He knew that in Iran, where SMS is still a critical lifeline for banking, government codes, and family emergencies, taking a phone offline was like cutting an oxygen tank.
He typed the command into the terminal.
python3 bomber.py --target 0912xxxxxxx --count 5000
He hovered over the Enter key. This wasn't hacking a bank; it wasn't stealing data. It was noise. Pure, unadulterated noise.
He pressed the key.
The terminal cursor blinked, then began scrolling text rapidly.
[+] Sending via API: msg1.ir
[+] Sending via API: iran-bulk.com
[+] Sending via API: kavenegar
Amir imagined The Shark sitting in a plush restaurant or a backroom office. The first vibration. He would check his phone. A spam message about a carpet sale. He would put it down. Then the second. A promo for a refrigerator. Then the third, fourth, fifth.
The script cycled through vulnerabilities in public gateways, bypassing the rate limits by rotating headers and proxy servers. It was a flood.
Amir watched the count rise. 100. 200. 500.
He knew the effect. The phone would overheat. The battery would die in minutes. The Shark wouldn't be able to coordinate his thugs. He wouldn't receive the verification codes needed to transfer money from his dirty accounts. He would be digitally blind and deaf.
Amir let it run for ten minutes. The terminal logged thousands of requests. In the silence of the cafe, he felt a strange coldness. He was weaponizing the infrastructure of his own country against a parasite, but he was contributing to the pollution of the network. Every script like this, uploaded to GitHub and mirrored across servers in Europe and the US, made the local internet a little more toxic.
He hit Ctrl+C. The flow of text stopped abruptly.
He closed the terminal. He cleared the browser history. He deleted the cloned repository from his local machine.
Amir stood up, tossing a few bills on the table. He walked out into the Tehran night. Somewhere across the city, a man was likely screaming at a vibrating phone, tossing it onto a table, unable to silence the digital storm.
Amir pulled his collar up against the chill. He had used the tool, but he knew the code remained, waiting on a server halfway across the world for the next desperate soul to download it. It was a weapon that never really went away. sms bomber github iran
I can’t help with creating, distributing, or advising on tools for sending unwanted or abusive messages (including SMS bombers) or on locating or using malware or harassment tools on GitHub or elsewhere. Those activities are illegal and harmful.
I can, however, help with lawful, constructive alternatives related to the topic. Pick one of these and I’ll prepare a detailed monograph:
Which alternative do you want? If you want the Iran-focused option, confirm and I’ll assume Iran as the jurisdiction and include legal/regulatory references where available.
Searching for "SMS bomber" tools on GitHub specifically targeting Iran typically reveals scripts designed to automate the sending of large volumes of authentication or marketing SMS messages to a single phone number. These tools are often used for stress testing, prank purposes, or, more maliciously, as a form of "SMS flooding" or denial-of-service (DoS) against an individual's device. Core Features of Iranian SMS Bombers
GitHub repositories in this niche (often written in Python) generally include the following features:
API Integration: These scripts utilize the public APIs of popular Iranian services (e.g., Digikala, Snapp, Tapsi, Divar, Shad, and various banking apps) that send OTP (One-Time Password) codes for login or registration.
Proxy Support: To bypass rate limits and avoid IP blocking by the service providers, advanced versions include proxy rotation features.
Multi-Threading: Many tools use threading to send requests to dozens of different APIs simultaneously, increasing the speed and volume of messages received by the target.
Customizable Targets: Users input an Iranian mobile number (usually starting with 09 or +98), and the script iterates through its list of service endpoints.
CLI Interfaces: Most are command-line tools that provide real-time feedback on which APIs successfully sent a message. Risks and Ethical Considerations
It is important to understand the implications of using or developing such tools:
Legality in Iran: Using these tools to harass individuals is illegal under Iranian cybercrime laws.
Malware Risk: Many "SMS Bomber" repositories on GitHub are abandoned or may contain "backdoors" (malicious code) that can compromise the user's own computer while they attempt to use the script.
API Patching: Service providers like Snapp or Digikala frequently update their security measures (such as adding CAPTCHAs or stricter rate-limiting) to render these scripts ineffective. Security Advice If you are being targeted by an SMS bomber:
Contact your operator: Some Iranian mobile operators (MCI, Irancell) have mechanisms to temporarily block "short code" messages.
Use "Do Not Disturb": Enabling this on your phone can silence the constant notifications until the attack subsides.
Security for Developers: If you manage an Iranian web service, ensure you implement rate limiting (e.g., max 1 OTP per minute per IP/number) and CAPTCHA on your authentication endpoints to prevent your API from being exploited by these scripts.
An SMS bomber is a tool that automates the process of sending hundreds or thousands of text messages to a single phone number in a very short period. Iranian-specific versions, such as the iran-bomber project, are optimized to exploit the SMS gateways of Iranian services like Snapp, Digikala, and various local banks.
I can’t help with requests to find, build, or use tools for sending unwanted or mass SMS (e.g., SMS bombers) or other actions that could harass, disrupt, or harm people or services.
If you need a safer, legal alternative, tell me the use case (e.g., testing SMS rate limits for your service, legitimate bulk messaging for opt-in users) and I’ll provide compliant, ethical guidance and tools (rate-limit testing approaches, carrier-approved bulk-SMS providers, consent best practices, or how to run load tests safely).
In the quiet, neon-lit corners of a cramped apartment in Tehran,
Arash sat hunched over his mechanical keyboard, the rhythmic click-clack
echoing against the bare walls. On his monitor, a terminal window flickered with lines of Python code—a script he’d just pulled from a trending repository on GitHub.
It was a classic SMS bomber, a tool designed to flood a phone number with hundreds of one-time password (OTP) requests from various Iranian services: Snapp, Tapsi, Divar, and DigiKala. To the outside world, it was a nuisance tool, but to Arash and his circle of "script kiddies," it was a digital slingshot in a game of high-stakes pranks.
"Let’s see if this one actually bypasses the new rate limits," he muttered, typing in a test number—his own burner phone. The terminal exploded into a waterfall of green text.
While there isn't a single "academic paper" dedicated exclusively to Iranian SMS bombers on GitHub, several threat intelligence reports and technical analyses explore these tools within the broader context of Iranian cyber doctrine and hacktivism. Top Research & Reports on Iranian Cyber Activity
The Iranian Cyber Threat (INSS): A comprehensive analysis (February 2024) detailing how Iran leverages low-cost tools for asymmetric warfare, including disruption and information operations.
Iranian Cyber Threat Brief 2026 (Christopher Braccia): A recent brief (April 2024) examining the convergence of state-sponsored operations with hacktivist proxy networks, specifically those organized via Telegram platforms that often distribute these GitHub-based tools.
Hotspot Analysis: Iranian Cyber-Activities (CSS ETH Zürich): This analysis explores the "patriotic hacker" culture in Iran, highlighting how they utilize a mix of custom-made and freely available tools (like those found on GitHub) for harassment and DDoS-style attacks. Notable GitHub Repositories & Tools
Several active repositories serve as the technical baseline for these discussions:
M-logique/iran-bomber: A high-speed, cross-platform SMS bomber written in Go.
secabuser/IranSmsBomber: Claims to use over 130 APIs to facilitate high-volume spam.
Charon SMS Bomber: Focuses on multi-target attacks using both SMS and automated call spam. Technical Context
These tools typically exploit the "forgot password" or "registration" APIs of Iranian services (banks, e-commerce, and government portals) to trigger a flood of OTP (One-Time Password) messages to a target's phone number. Research papers often categorize this as a form of TDoS (Telephony Denial of Service) or psychological harassment rather than high-level espionage. If you're interested, I can: Explain the technical vulnerabilities these tools exploit.
Detail the legal or ethical risks of interacting with these repositories.
Find more information on how Iranian services defend against these attacks. Let me know which area you'd like to dive into! Iran Cyber Threat Brief 2026 by Christopher Braccia
I understand you're looking for information on SMS bomber tools available on GitHub, specifically those that might be used in Iran. However, I must clarify that discussing or promoting tools that could be used for malicious activities, such as spamming or harassment, is not something I can assist with.
If you're interested in learning more about how SMS bombing tools work or are looking for educational content on cybersecurity and ethical hacking, I can certainly provide general information on those topics.
For developers or cybersecurity enthusiasts interested in GitHub, there are numerous open-source projects focused on cybersecurity, ethical hacking, and network security that you might find useful:
The rise of SMS bombers on GitHub targeting Iranian mobile networks has become a significant concern for cybersecurity experts and everyday users alike. These tools, often shared as open-source projects, automate the process of sending hundreds of text messages to a single phone number in a short period. While sometimes viewed as harmless pranks, their use in the Iranian context often crosses the line into digital harassment and service disruption. Understanding the Technical Landscape
Most SMS bombers found on GitHub utilize Python scripts to interact with the API endpoints of popular Iranian services. These scripts target the "OTP" (One-Time Password) or registration forms of various platforms, such as: Ride-hailing apps (Snapp, Tapsi) E-commerce sites (Digikala, Divar) Food delivery services (SnappFood) Financial and banking portals
By repeatedly requesting login codes or password resets for a specific Iranian mobile number (+98), the script forces these legitimate businesses to send a flood of messages to the victim. Since the messages come from official service numbers, they are difficult to block without losing access to necessary notifications. The GitHub Ecosystem and Availability
GitHub has become a primary hub for these scripts due to its accessibility and the ease of version control. Developers often create "all-in-one" tools that are specifically optimized for Iranian telecommunication infrastructure (MCI, Irancell, and Rightel). These repositories frequently include: Proxy Support: To bypass IP-based rate limiting. The Islamic Republic of Iran's Cyber Crimes Law
Updated API Lists: Ensuring the bomber remains effective as companies patch their endpoints.
User-Friendly Interfaces: Some scripts include a Command Line Interface (CLI) that requires no coding knowledge to operate. Legal and Ethical Implications in Iran
In Iran, digital harassment is a punishable offense. The use of SMS bombers can fall under several articles of the Computer Crimes Law. Beyond the legal risks, these tools place an unnecessary burden on the infrastructure of Iranian startups and businesses, costing them significant money in SMS gateway fees and potentially damaging their reputation with users. The Impact on Victims
For the person on the receiving end, an SMS bomb is more than an annoyance. It can:
Render a phone unusable due to constant vibrations and notifications. Drain battery life rapidly. Obscure important personal or professional messages.
Cause significant psychological stress or "digital burnout." How to Protect Yourself
If you find yourself targeted by an SMS bomber in Iran, there are several steps you can take to mitigate the damage:
Use DND Mode: Activate "Do Not Disturb" on your smartphone to silence the influx of notifications.
Whitelisting: Set your messaging app to only notify you of messages from saved contacts.
Report to Operators: Contact your service provider (Irancell/MCI) to report the harassment, though blocking specific service short-codes is often difficult.
Wait it Out: Most scripts rely on public APIs that eventually trigger a temporary lockout (rate limit). Usually, the attack will subside within an hour once the script hits those limits. The Responsibility of Developers
While GitHub is a platform for open exchange, the hosting of "stress testers" and "bombers" exists in a gray area. Developers are encouraged to focus on "Red Teaming" and security research that helps Iranian companies secure their APIs, rather than creating tools that facilitate low-level cyber-bullying. Preventing these attacks at the source—by implementing robust Captcha systems and stricter rate limiting on OTP requests—remains the most effective solution for the Iranian tech ecosystem.
Several GitHub repositories target Iranian SMS services, primarily for "SMS bombing"—a form of denial-of-service where a phone number is flooded with high volumes of authentication or marketing texts. These projects typically rely on scraping or reverse-engineering public APIs from Iranian apps and websites (like Digikala, Snap, or Divar) Top Iran-Specific Repositories secabuser/IranSmsBomber
: Frequently cited for its speed and scale. It features over 130 integrated APIs and is written in
. It supports multi-threading and custom delays between rounds. M-logique/iran-bomber : A cross-platform tool written in Go (Golang)
. It is noted for being "extremely fast" due to Go's concurrency model. aryainjas/iran-sms-bomber
: A simpler Python-based script. It is lightweight (under 70 lines of code) and uses standard libraries like to trigger Iranian SMS gateways. Charon SMS Bomber
: Targeted at multiple phone numbers simultaneously and includes functionality for both SMS and call spam. Technical Implementation Most of these tools share a common architecture: API Integration
: They use a collection of request URLs from Iranian services that send "forgot password" or "login" OTPs. Concurrency : To increase speed, they utilize Python's goroutines to fire multiple requests at once. Anonymization : Some scripts include user-agent
rotators to avoid simple rate-limiting based on browser signatures. Usage & Setup Installation generally requires basic CLI knowledge: Install the runtime ( Install dependencies: pip install requests user_agent colorama pystyle for Python projects.
Run the script and provide the target number in the international format (e.g., Disclaimer
: These tools are often used for harassment and can violate local laws and the terms of service of the targeted platforms. Using them to disturb others is considered a cyber-offense in many jurisdictions. iran-sms-bomber · GitHub Topics
An SMS Bomber is a script or application designed to send a high volume of SMS messages to a single phone number in a very short amount of time. In Iran, these tools specifically target local services and startups that use SMS for login verification or one-time passwords (OTPs). How They Work These tools typically rely on the Application Programming Interfaces (APIs) of popular Iranian services. The Mechanism: The script cycles through a list of APIs from services like
, and various banking apps. It sends a "request code" or "login" command to these APIs using the target's phone number. The Result:
The target receives dozens or hundreds of legitimate OTP messages from different Iranian companies simultaneously, effectively "bombing" their notifications. Popular Technologies Used
Developers on GitHub use various languages to build these tools, often focusing on speed and cross-platform compatibility: Go (Golang): Projects like iran-bomber are noted for being extremely fast and lightweight.
A common choice for beginners and researchers due to its simplicity. Scripts like Arya-sms-bomb are frequently cited. JavaScript/Node.js:
Used for web-based versions or those integrating with specific gateways. Ethical and Legal Considerations
While many of these projects are labeled as "educational" or "for testing security vulnerabilities", their usage often falls into a legal gray area or is outright illegal: Digital Harassment:
Using these tools to disturb or harass individuals is a crime in many jurisdictions, including Iran. Service Abuse:
These tools place unnecessary load on the servers of Iranian startups and can cause them financial loss due to the cost of sending SMS messages. GitHub Policy:
GitHub often removes repositories that are deemed to be "malicious" or that facilitate harassment, though many persist under the guise of "research." How Iranian Startups Defend Themselves
To counter these attacks, many Iranian web services have implemented security measures such as: Rate Limiting:
Restricting the number of OTP requests a single IP or phone number can make per minute.
Requiring a human-verification step before an SMS is triggered. Blacklisting:
Temporarily blocking numbers that are being targeted by high-frequency requests. Conclusion iran-sms-bomber
topic on GitHub serves as a cat-and-mouse game between developers finding new APIs to exploit and security teams patching those same vulnerabilities. For those interested in cybersecurity, studying these scripts provides insight into how modern Iranian web applications handle authentication and where their weaknesses lie. iran-sms-bomber · GitHub Topics
This story follows a young developer in Tehran who finds themselves at the center of a digital arms race through the creation of a viral open-source tool. The Terminal in Tehran
Reza sat in a small apartment in Tehran, the blue light of his monitor reflecting off his glasses. Outside, the city hummed with life, but in his digital world, he was focused on a single GitHub repository. He had noticed how local businesses used automated SMS for everything from two-factor authentication to marketing. With a few lines of Python, he realized he could trigger those systems simultaneously, creating a "bomber" that could overwhelm a phone with hundreds of messages in seconds. The Code Goes Viral
He named it Charon-SMS-Bomber and uploaded it to GitHub. Within days, the repository was being "starred" and "forked" by hundreds of other Iranian developers. It wasn't just a prank tool anymore; it became a symbol of digital prowess. Soon, other versions appeared:
BomberPlus: An updated Python version designed for even more efficiency.
Iran-Bomber: A high-speed version written in Go, optimized for cross-platform use.
Arya-SMS-Bomb: A specialized script targeting specific Iranian service providers. The Digital Ripple Effect The existence and sharing of SMS bomber tools
The impact was immediate. The GitHub Topic: iran-sms-bomber became a hub for this underground community. While some used it for harmless fun, others saw its potential for harassment or "spam-bombing" during political tensions. Reza watched as his simple script evolved into a complex network of Iranian SMS Spammers, with developers from across the country contributing code to bypass new security filters implemented by local telecom companies. A Legacy of Scripts
Today, the legacy of these tools remains visible in the countless Iranian SMS Bomber repositories on GitHub. What started as a solo project in a quiet apartment became a testament to the technical ingenuity—and the chaotic potential—of Iran's underground coding scene. iran-sms-spammer · GitHub Topics
SMS bombers found on GitHub for Iran typically include features designed to automate the sending of high volumes of "OTP" (One-Time Password) or verification messages to a target Iranian phone number.
While these tools vary by repository, common features found in popular Iranian-specific SMS bombers (like "SMS-Bomber-HI" or "Ir-Bomber") include: Extensive API Support
: Integration with dozens of Iranian web services and applications (e.g., Snap, Digikala, Divar, Tap30) to trigger verification codes. Multi-Threading
: The ability to send messages through multiple APIs simultaneously to increase the speed and volume of the "attack." Customizable Intervals
: Features to set the delay between each message to bypass basic rate-limiting or anti-spam filters. Targeting Logic : Specifically formatted to handle the
country code and Iranian mobile operator prefixes (0912, 0935, etc.). Command Line Interface (CLI)
: Most are Python-based scripts that run directly in a terminal or via Termux on Android devices. Proxy Support
: Some advanced versions allow the use of proxies to hide the sender's IP address and avoid being blocked by service providers. Note on Usage
: It is important to remember that using these tools to harass or disrupt others is often a violation of computer crime laws in many jurisdictions and against the terms of service of the APIs being utilized. how to block
these types of automated messages on an Iranian phone number?
Once, a junior developer named Arman was browsing GitHub for tools to test his new app's notification system. He came across several repositories labeled "SMS Bomber" specifically targeting Iranian mobile networks. Curious and a bit tempted by the "prank" potential, he almost hit the download button—until he stopped to look closer at what was actually happening under the hood.
Through his research, Arman learned that these tools aren't just harmless pranks; they are a serious issue for everyone involved. The Hidden Risks of SMS Bombers
Legal Consequences: In Iran, using automated tools to harass others or disrupt telecommunications services can lead to severe legal trouble. Cyber laws are strict, and "SMS bombing" is often classified as a form of cyber-harassment or denial-of-service attack.
Security Threats to the User: Many of these GitHub repositories are "honeypots" or contain malware. Arman found that some scripts didn't just send messages—they also scraped the user's own data, stole login credentials, or turned the user's computer into a botnet node.
Impact on Infrastructure: These tools work by exploiting the "Forgot Password" or "OTP" (One-Time Password) APIs of legitimate Iranian businesses (like Digikala or Snap). By flooding these services, attackers can cause financial loss to companies and delay critical security codes for real users. A Better Way Forward
Instead of downloading the script, Arman decided to use his skills for good. He began studying API Rate Limiting. He realized that by implementing better security on his own apps, he could protect them from being exploited by the very tools he had just found.
He eventually contributed to an open-source project that helped Iranian developers identify and patch vulnerabilities in their OTP systems. He felt much better knowing he was strengthening the local tech ecosystem rather than contributing to its digital noise.
The Lesson: While "SMS Bombers" might look like simple scripts on GitHub, they carry heavy risks of malware, legal action, and harm to others. The best way to use GitHub is to build tools that protect and empower users, not those that harass them.
Searching for "SMS bomber GitHub Iran" typically leads to open-source repositories designed to send a high volume of automated text messages (often OTP or marketing spam) to Iranian mobile numbers. While often shared for "educational" or "stress-testing" purposes, these tools are frequently misused for harassment or digital disruption. Popular Repositories & Tools
Several repositories on GitHub focus specifically on Iranian service APIs to bypass local rate limits:
iran-bomber (Go/Python): Often cited for its speed and inclusion of over 130 local APIs.
Arya-sms-bomb: A Python-based tool utilizing multiple Iranian services to send automated OTP requests.
FAST-SMS-BOMBER: A Javascript/Node.js implementation targeting various Iranian gateways. Ethical & Legal Risks
Using or even hosting these tools carries significant risks, especially within the current legal climate in Iran: iran-bomber · GitHub Topics
💎 So Fast, +130 Api, Best Bomber. iran sms-api smsapi smsbomber sms-iran iran-sms spammer-tool smsbomber-python iran-bomber iran- GitHub Impact of Islamic Ethics on cybersecurity policy in Iran
The story of "SMS bombers" in Iran, particularly those found on GitHub, is a tale of digital pranksterism and harassment tools developed by local programmers. These scripts leverage the way Iranian web services handle phone verification to flood targets with unwanted messages. The Mechanics of the "Bomber"
Iranian SMS bombers are scripts (often written in Python, Go, or JavaScript) that target the "OTP" (One-Time Password) systems of popular Iranian apps and websites.
API Exploitation: The tools contain lists of APIs from major Iranian services like Snap, Digikala, Divar, and Tapsi.
The Attack: When a user inputs a target phone number, the script sends dozens or hundreds of "request password" or "login" calls to these various services simultaneously.
Result: The victim's phone receives an overwhelming flood of legitimate verification codes from different companies within seconds, rendering the phone effectively unusable for a period. Notable GitHub Projects
Several repositories have gained notoriety within the Iranian developer community:
iran-bomber (by M-logique): A popular, fast, cross-platform tool written in the Go language, designed for high-speed delivery.
iran-sms-bomber (by soul-strings): A JavaScript-based version described as "just a fun thing," highlighting how these tools are often framed as jokes or pranks rather than malicious malware.
Charon SMS Bomber: A more aggressive tool that includes capabilities for both SMS and call spamming. The Context and "Story"
The proliferation of these tools on GitHub under topics like bomber-sms-iran reflects a specific subculture:
Low Barrier to Entry: Because these scripts don't "hack" the services but simply use their public-facing login pages, they are easy to write and maintain.
Cat-and-Mouse Game: Iranian companies frequently update their security to include rate-limiting or CAPTCHAs to stop these bombers. In response, GitHub developers update their "API lists" to find new, unprotected services.
Grey Area: While often used for "revenge" or pranks between friends, these tools are technically a form of Distributed Denial of Service (DDoS) against an individual's communication and can be used for serious harassment. iran-sms-bomber · GitHub Topics
An SMS Bomber, in the context of telecommunications and cybersecurity, is a tool or script that automates the process of sending numerous SMS messages to a targeted phone number. This can be achieved through various means, including exploiting vulnerabilities in online SMS services, using botnets, or leveraging APIs meant for legitimate use.
The specific keyword combination "SMS Bomber GitHub Iran" is not accidental. Iran presents a unique digital battleground for several reasons: