Vast Almanac © 2026
The Rise of SMS Bombers: Unpacking the GitHub Iran Connection
In the realm of cybersecurity, a new threat has emerged, leveraging the widespread use of mobile phones and the internet. The term "SMS Bomber" has been making rounds on various online platforms, including GitHub, a hub for developers and open-source projects. Interestingly, Iran has been linked to some of these developments, raising concerns about the country's stance on cybersecurity and digital freedoms. This article aims to provide an in-depth look at the SMS Bomber phenomenon, its connection to GitHub, and the implications of Iran's involvement.
What is an SMS Bomber?
An SMS Bomber, also known as an SMS Flooder, is a type of malicious tool designed to flood a victim's mobile phone with a large number of text messages (SMS). This can be done using automated scripts or software, which can be easily created and deployed by an attacker. The goal of an SMS Bomber can vary, ranging from harassment and pranks to more malicious objectives such as disrupting communication services or even phishing attacks.
The GitHub Connection
GitHub, a popular platform for hosting and sharing code, has become a hub for various SMS Bomber projects. Developers and researchers share these projects under open-source licenses, which can be used by anyone for various purposes. While some argue that these projects are meant for educational or research purposes, others raise concerns about their potential misuse.
On GitHub, you can find various SMS Bomber projects, including ones specifically designed for Iran. Some of these projects are built using Python, a popular programming language, and utilize APIs or SMS gateways to send bulk messages. The ease of access to these tools has raised concerns among cybersecurity experts, who fear that they could be exploited by malicious actors.
Iran's Involvement
Iran's connection to SMS Bombers on GitHub is multifaceted. Iranian developers have been actively contributing to these projects, sharing their code and expertise with the global community. Some argue that this is a sign of Iran's growing capabilities in the field of cybersecurity, while others see it as a worrying trend.
The Iranian government has been accused of using SMS Bombers to suppress dissent and monitor opposition voices. In 2019, reports emerged of the Iranian government using SMS Bombers to flood the phones of opposition activists with propaganda messages. This raised concerns about the use of such tools for censorship and surveillance.
Why GitHub?
GitHub has become a go-to platform for developers and researchers to share their projects, including those related to SMS Bombers. The platform's open-source nature and global reach make it an ideal hub for collaboration and knowledge-sharing. However, this also means that malicious actors can easily access and utilize these tools for their own purposes.
GitHub's terms of service prohibit the use of its platform for malicious activities, including harassment and spamming. However, enforcing these terms can be challenging, especially given the sheer volume of projects and users on the platform.
The Dark Side of SMS Bombers
The misuse of SMS Bombers can have serious consequences. Victims of SMS Bombing may experience:
Mitigating the Threat
To combat the threats posed by SMS Bombers, several measures can be taken:
Conclusion
The SMS Bomber phenomenon on GitHub, with its connections to Iran, highlights the complexities of cybersecurity in the digital age. While open-source projects can foster innovation and collaboration, they can also be exploited by malicious actors. As the threat landscape evolves, it's essential to address the dark side of SMS Bombers and take measures to mitigate their impact.
The Iranian government's involvement in SMS Bomber projects raises concerns about the country's stance on cybersecurity and digital freedoms. As the global community continues to grapple with these issues, it's essential to prioritize education, awareness, and regulatory frameworks to prevent the misuse of these tools.
Recommendations
For users:
For developers:
For governments and regulatory bodies:
By working together, we can mitigate the threats posed by SMS Bombers and ensure a safer digital landscape for all.
SMS Bomber GitHub Iran: Understanding the Phenomenon
The term "SMS Bomber" refers to a type of software or tool designed to send a large number of SMS messages to a single phone number, often with the intent to overwhelm or flood the recipient's inbox. When associated with GitHub and Iran, it raises questions about the development, sharing, and use of such tools within specific geopolitical contexts.
# Simplified example of an SMS bomber logic (do not deploy) import requests import timetarget = "+98912XXXXXXX" apis = [ "https://api.kavenegar.com/v1/sender/send", "https://ippanel.com/api/select", "https://sms.ir/send" ]
while True: for api in apis: try: requests.post(api, data="number": target, "text": "Test", timeout=2) except: pass time.sleep(0.5)
An SMS bomber (also known as an SMS flooder) is a software tool—often a simple script or mobile application—designed to send a high volume of text messages to a single phone number in a short period. The goal is not sophisticated hacking but pure disruption: overwhelming a victim's inbox, draining their phone's battery, masking legitimate security alerts, or simply causing annoyance.
When deployed on a larger scale, these attacks can:
The existence and sharing of SMS bomber tools on GitHub highlight the complexities of open-source development and the challenges of regulating digital activities across different jurisdictions. While developers may create such tools for educational or testing purposes, their misuse poses significant concerns. Users and developers alike must navigate these issues with an understanding of both the technical capabilities of these tools and the legal and ethical implications of their use.
Recommendations:
Understanding the intersection of technology, law, and ethics is crucial in navigating the implications of tools like SMS bombers and their development and sharing on platforms such as GitHub, particularly within specific contexts such as Iran.
The neon sign of the cyber-cafe flickered, casting a restless, electric hum over the back alley in downtown Tehran. Outside, the night air was thick with the scent of roasted pistachios and exhaust fumes, but inside, the air was stale and conditioned. Amir sat in a corner booth, the blue light of his monitor washing over his tired face.
On his screen, a repository page glowed. He had found it deep in the archives of GitHub, a digital ghost town of forgotten projects. The title was crude: persian-sms-bomber-v2.
It was a script kid’s tool—clumsy, brute-force, and effective. It utilized a list of Iranian telecom APIs that allowed for automated verification requests. It hammered a phone number with hundreds of texts per minute, rendering the device useless, a symphony of vibrations that drowned out everything else.
Amir hadn't written the code. He was a developer, a builder, not a destroyer. But tonight, he was a user.
He checked the number scrawled on a napkin beside his keyboard. It belonged to "The Shark," a mid-level lender who had already broken the fingers of Amir’s younger brother for a debt that had doubled overnight due to imaginary interest rates. The police wouldn't help; The Shark knew people. The system was rigged.
Amir cracked his knuckles. He wasn't a violent man, but he knew the anatomy of a digital network. He knew that in Iran, where SMS is still a critical lifeline for banking, government codes, and family emergencies, taking a phone offline was like cutting an oxygen tank.
He typed the command into the terminal.
python3 bomber.py --target 0912xxxxxxx --count 5000
He hovered over the Enter key. This wasn't hacking a bank; it wasn't stealing data. It was noise. Pure, unadulterated noise.
He pressed the key.
The terminal cursor blinked, then began scrolling text rapidly.
[+] Sending via API: msg1.ir
[+] Sending via API: iran-bulk.com
[+] Sending via API: kavenegar
Amir imagined The Shark sitting in a plush restaurant or a backroom office. The first vibration. He would check his phone. A spam message about a carpet sale. He would put it down. Then the second. A promo for a refrigerator. Then the third, fourth, fifth.
The script cycled through vulnerabilities in public gateways, bypassing the rate limits by rotating headers and proxy servers. It was a flood.
Amir watched the count rise. 100. 200. 500.
He knew the effect. The phone would overheat. The battery would die in minutes. The Shark wouldn't be able to coordinate his thugs. He wouldn't receive the verification codes needed to transfer money from his dirty accounts. He would be digitally blind and deaf.
Amir let it run for ten minutes. The terminal logged thousands of requests. In the silence of the cafe, he felt a strange coldness. He was weaponizing the infrastructure of his own country against a parasite, but he was contributing to the pollution of the network. Every script like this, uploaded to GitHub and mirrored across servers in Europe and the US, made the local internet a little more toxic.
He hit Ctrl+C. The flow of text stopped abruptly.
He closed the terminal. He cleared the browser history. He deleted the cloned repository from his local machine.
Amir stood up, tossing a few bills on the table. He walked out into the Tehran night. Somewhere across the city, a man was likely screaming at a vibrating phone, tossing it onto a table, unable to silence the digital storm.
Amir pulled his collar up against the chill. He had used the tool, but he knew the code remained, waiting on a server halfway across the world for the next desperate soul to download it. It was a weapon that never really went away.
The search query "sms bomber github iran" flickered on Amir’s screen in the dim light of his Tehran apartment. It was 2 a.m., and the air was thick with the low hum of a VPN and the distant sound of a city holding its breath.
Amir wasn’t a hacker. He was a computer engineering student who had just failed his networks exam. His frustration wasn’t with the professor, but with the filtering. Every social media post he tried to share, every encrypted message he attempted to send, was met with the spinning wheel of censorship. The digital walls of the Islamic Republic felt like they were closing in.
The search results loaded. A sea of Persian and English repositories. SMS-Bomb-V2, Iran-SMS-Tool, Bomber-Gateway. Most had been taken down by GitHub, but mirrors existed—hidden in plain sight under innocuous names like Telegram-forwarder or Proxy-list-iran.
He clicked on one. The README was a mess of Finglish (Persian written with Latin alphabet): “Baraye enteghad az system...” (“For protesting against the system...”). The code was crude. A loop that hammered a free SMS API gateway used by a major Iranian telecom. No authentication. No rate limiting. Just raw, vengeful volume.
Amir’s heart pounded. He copied the script.
His first target was a test: his own number. He ran the Python script. For thirty seconds, nothing. Then, a cascade. His phone, a cracked Xiaomi, vibrated off the table. Beep. Beep. Beep-beep-beep. Verification codes. Promotional spam. Fake delivery notices. Twelve messages in five seconds.
It worked.
The power was intoxicating. He imagined pointing this at the press office of the Ministry of Intelligence. Or the number of a certain hardline cleric who had called for stricter internet shutdowns. Digital stones for a digital Goliath.
But as he scrolled through the code, he noticed something odd. A callback_url hidden in a comment. A line he hadn’t written. The original coder had included a backdoor. Every SMS sent via this script was also being logged to a server in... he traced the IP... Moscow.
Amir froze. This wasn’t just a prank tool. It was a honeypot. Or worse, a weapon being passed from hand to hand. Every Iranian activist who ran this “bomber” was also leaking their own IP address, their own phone number, their exact timestamp of dissent to a third party. Who was collecting that data? The government? A rival faction? A foreign intelligence service? sms bomber github iran
He deleted the repo from his local machine. Then he opened a burner email and wrote a short, carefully worded report in English to GitHub’s Trust & Safety team: “Repo [redacted] contains hidden exfiltration code targeting Iranian users. This is not a prank. It is a trap.”
He didn’t hit send. He stared at the draft. If he sent it, his VPN logs, his browser fingerprint, his timing—all of it could be traced. In Iran, cyber vigilantes had a way of disappearing.
The city hummed outside. The wall stayed up. And somewhere, in a server farm in another country, a database of angry young Iranians grew by one more entry.
Amir closed his laptop. He realized that in the war for digital freedom, the loudest bombs were often the ones rigged to explode in your own hands. He powered off his phone, silencing the ghost of the messages that had not yet come—but someday, inevitably, would.
While there isn't a single "academic paper" dedicated exclusively to Iranian SMS bombers on GitHub, several threat intelligence reports and technical analyses explore these tools within the broader context of Iranian cyber doctrine and hacktivism. Top Research & Reports on Iranian Cyber Activity
The Iranian Cyber Threat (INSS): A comprehensive analysis (February 2024) detailing how Iran leverages low-cost tools for asymmetric warfare, including disruption and information operations.
Iranian Cyber Threat Brief 2026 (Christopher Braccia): A recent brief (April 2024) examining the convergence of state-sponsored operations with hacktivist proxy networks, specifically those organized via Telegram platforms that often distribute these GitHub-based tools.
Hotspot Analysis: Iranian Cyber-Activities (CSS ETH Zürich): This analysis explores the "patriotic hacker" culture in Iran, highlighting how they utilize a mix of custom-made and freely available tools (like those found on GitHub) for harassment and DDoS-style attacks. Notable GitHub Repositories & Tools
Several active repositories serve as the technical baseline for these discussions:
M-logique/iran-bomber: A high-speed, cross-platform SMS bomber written in Go.
secabuser/IranSmsBomber: Claims to use over 130 APIs to facilitate high-volume spam.
Charon SMS Bomber: Focuses on multi-target attacks using both SMS and automated call spam. Technical Context
These tools typically exploit the "forgot password" or "registration" APIs of Iranian services (banks, e-commerce, and government portals) to trigger a flood of OTP (One-Time Password) messages to a target's phone number. Research papers often categorize this as a form of TDoS (Telephony Denial of Service) or psychological harassment rather than high-level espionage. If you're interested, I can: Explain the technical vulnerabilities these tools exploit.
Detail the legal or ethical risks of interacting with these repositories.
Find more information on how Iranian services defend against these attacks. Let me know which area you'd like to dive into! Iran Cyber Threat Brief 2026 by Christopher Braccia
SMS bombing tools targeting Iranian phone numbers are frequently hosted on GitHub as open-source scripts, typically written in languages like Python or Go . These tools are designed to send a high volume of SMS messages or calls to a specific phone number—often (+98) for Iran—by exploiting various web-based SMS APIs . Common Repositories and Tools
Several active repositories focus specifically on Iranian services:
iran-bomber (M-logique): A cross-platform tool written in Go known for its speed .
Charon SMS Bomber: A repository designed for both SMS and call-based spam .
Arya-sms-bomber: A Python-based script that utilizes multiple APIs for message delivery .
smsbomber (Shayan Ghadamian): Often used via Termux on Android devices or Linux environments . Technical Mechanism
These tools generally do not send messages directly from the user's phone. Instead, they:
API Exploitation: Use a list of 130+ different APIs from Iranian websites (such as login or verification pages) .
Request Automation: Automatically trigger these APIs to send "OTP" (One-Time Password) or notification messages to the victim's number .
Bypassing Limits: By cycling through many different services, they attempt to bypass the rate limits of individual websites . Risks and Legal Information bomber-sms-iran · GitHub Topics
💎 So Fast, +130 Api, Best Bomber. iran sms-api smsapi smsbomber sms-iran iran-sms spammer-tool smsbomber-python iran-bomber iran- iran-sms-bomber · GitHub Topics
Add a description, image, and links to the iran-sms-bomber topic page so that developers can more easily learn about it. iran-bomber · GitHub Topics
Several GitHub repositories target Iranian SMS services, primarily for "SMS bombing"—a form of denial-of-service where a phone number is flooded with high volumes of authentication or marketing texts. These projects typically rely on scraping or reverse-engineering public APIs from Iranian apps and websites (like Digikala, Snap, or Divar) Top Iran-Specific Repositories secabuser/IranSmsBomber
: Frequently cited for its speed and scale. It features over 130 integrated APIs and is written in
. It supports multi-threading and custom delays between rounds. M-logique/iran-bomber : A cross-platform tool written in Go (Golang)
. It is noted for being "extremely fast" due to Go's concurrency model. aryainjas/iran-sms-bomber
: A simpler Python-based script. It is lightweight (under 70 lines of code) and uses standard libraries like to trigger Iranian SMS gateways. Charon SMS Bomber
: Targeted at multiple phone numbers simultaneously and includes functionality for both SMS and call spam. Technical Implementation Most of these tools share a common architecture: API Integration
: They use a collection of request URLs from Iranian services that send "forgot password" or "login" OTPs. Concurrency : To increase speed, they utilize Python's goroutines to fire multiple requests at once. Anonymization : Some scripts include user-agent
rotators to avoid simple rate-limiting based on browser signatures. Usage & Setup Installation generally requires basic CLI knowledge: Install the runtime ( Install dependencies: pip install requests user_agent colorama pystyle for Python projects.
Run the script and provide the target number in the international format (e.g., Disclaimer
: These tools are often used for harassment and can violate local laws and the terms of service of the targeted platforms. Using them to disturb others is considered a cyber-offense in many jurisdictions. iran-sms-bomber · GitHub Topics
I can’t help with creating, distributing, or advising on tools for sending unwanted or abusive messages (including SMS bombers) or on locating or using malware or harassment tools on GitHub or elsewhere. Those activities are illegal and harmful.
I can, however, help with lawful, constructive alternatives related to the topic. Pick one of these and I’ll prepare a detailed monograph:
Which alternative do you want? If you want the Iran-focused option, confirm and I’ll assume Iran as the jurisdiction and include legal/regulatory references where available.
I can’t help with requests to find, build, or use tools for sending unwanted or mass SMS (e.g., SMS bombers) or other actions that could harass, disrupt, or harm people or services.
If you need a safer, legal alternative, tell me the use case (e.g., testing SMS rate limits for your service, legitimate bulk messaging for opt-in users) and I’ll provide compliant, ethical guidance and tools (rate-limit testing approaches, carrier-approved bulk-SMS providers, consent best practices, or how to run load tests safely).
The story of "SMS bombers" in Iran, particularly those found on GitHub, is a tale of digital pranksterism and harassment tools developed by local programmers. These scripts leverage the way Iranian web services handle phone verification to flood targets with unwanted messages. The Mechanics of the "Bomber"
Iranian SMS bombers are scripts (often written in Python, Go, or JavaScript) that target the "OTP" (One-Time Password) systems of popular Iranian apps and websites.
API Exploitation: The tools contain lists of APIs from major Iranian services like Snap, Digikala, Divar, and Tapsi.
The Attack: When a user inputs a target phone number, the script sends dozens or hundreds of "request password" or "login" calls to these various services simultaneously.
Result: The victim's phone receives an overwhelming flood of legitimate verification codes from different companies within seconds, rendering the phone effectively unusable for a period. Notable GitHub Projects
Several repositories have gained notoriety within the Iranian developer community:
iran-bomber (by M-logique): A popular, fast, cross-platform tool written in the Go language, designed for high-speed delivery.
iran-sms-bomber (by soul-strings): A JavaScript-based version described as "just a fun thing," highlighting how these tools are often framed as jokes or pranks rather than malicious malware.
Charon SMS Bomber: A more aggressive tool that includes capabilities for both SMS and call spamming. The Context and "Story"
The proliferation of these tools on GitHub under topics like bomber-sms-iran reflects a specific subculture:
Low Barrier to Entry: Because these scripts don't "hack" the services but simply use their public-facing login pages, they are easy to write and maintain.
Cat-and-Mouse Game: Iranian companies frequently update their security to include rate-limiting or CAPTCHAs to stop these bombers. In response, GitHub developers update their "API lists" to find new, unprotected services.
Grey Area: While often used for "revenge" or pranks between friends, these tools are technically a form of Distributed Denial of Service (DDoS) against an individual's communication and can be used for serious harassment. iran-sms-bomber · GitHub Topics
Once, a junior developer named Arman was browsing GitHub for tools to test his new app's notification system. He came across several repositories labeled "SMS Bomber" specifically targeting Iranian mobile networks. Curious and a bit tempted by the "prank" potential, he almost hit the download button—until he stopped to look closer at what was actually happening under the hood.
Through his research, Arman learned that these tools aren't just harmless pranks; they are a serious issue for everyone involved. The Hidden Risks of SMS Bombers
Legal Consequences: In Iran, using automated tools to harass others or disrupt telecommunications services can lead to severe legal trouble. Cyber laws are strict, and "SMS bombing" is often classified as a form of cyber-harassment or denial-of-service attack.
Security Threats to the User: Many of these GitHub repositories are "honeypots" or contain malware. Arman found that some scripts didn't just send messages—they also scraped the user's own data, stole login credentials, or turned the user's computer into a botnet node.
Impact on Infrastructure: These tools work by exploiting the "Forgot Password" or "OTP" (One-Time Password) APIs of legitimate Iranian businesses (like Digikala or Snap). By flooding these services, attackers can cause financial loss to companies and delay critical security codes for real users. A Better Way Forward
Instead of downloading the script, Arman decided to use his skills for good. He began studying API Rate Limiting. He realized that by implementing better security on his own apps, he could protect them from being exploited by the very tools he had just found.
He eventually contributed to an open-source project that helped Iranian developers identify and patch vulnerabilities in their OTP systems. He felt much better knowing he was strengthening the local tech ecosystem rather than contributing to its digital noise.
The Lesson: While "SMS Bombers" might look like simple scripts on GitHub, they carry heavy risks of malware, legal action, and harm to others. The best way to use GitHub is to build tools that protect and empower users, not those that harass them.
SMS bombers found on GitHub for Iran typically include features designed to automate the sending of high volumes of "OTP" (One-Time Password) or verification messages to a target Iranian phone number. The Rise of SMS Bombers: Unpacking the GitHub
While these tools vary by repository, common features found in popular Iranian-specific SMS bombers (like "SMS-Bomber-HI" or "Ir-Bomber") include: Extensive API Support
: Integration with dozens of Iranian web services and applications (e.g., Snap, Digikala, Divar, Tap30) to trigger verification codes. Multi-Threading
: The ability to send messages through multiple APIs simultaneously to increase the speed and volume of the "attack." Customizable Intervals
: Features to set the delay between each message to bypass basic rate-limiting or anti-spam filters. Targeting Logic : Specifically formatted to handle the
country code and Iranian mobile operator prefixes (0912, 0935, etc.). Command Line Interface (CLI)
: Most are Python-based scripts that run directly in a terminal or via Termux on Android devices. Proxy Support
: Some advanced versions allow the use of proxies to hide the sender's IP address and avoid being blocked by service providers. Note on Usage
: It is important to remember that using these tools to harass or disrupt others is often a violation of computer crime laws in many jurisdictions and against the terms of service of the APIs being utilized. how to block
these types of automated messages on an Iranian phone number?
The SMS Bomber Phenomenon: Unpacking the GitHub Iran Connection
The proliferation of technology has brought about numerous benefits, but it has also given rise to various forms of cyber threats and malicious activities. One such phenomenon that has gained significant attention in recent years is the SMS bomber, a type of malicious tool designed to flood mobile phones with unwanted text messages. This essay aims to explore the connection between SMS bombers, GitHub, and Iran, shedding light on the implications of this phenomenon.
What is an SMS Bomber?
An SMS bomber, also known as an SMS spammer or text bomber, is a software tool or script that sends a large number of text messages to a target mobile phone number, often with the intention of overwhelming the recipient or causing disruption. These messages can be sent from a computer or mobile device, using a variety of methods, including online services, mobile apps, or scripts.
The GitHub Connection
GitHub, a popular platform for software developers to share and collaborate on code, has become a hub for various types of projects, including those with malicious intent. In recent years, GitHub has been linked to several SMS bomber projects, which have been shared and used by individuals around the world. These projects often involve scripts written in languages like Python, Java, or C++, which can be easily downloaded and used by others.
Iran and SMS Bombers
Iran has been associated with a significant number of SMS bomber projects on GitHub. A search on the platform reveals numerous repositories with names like "Sms Bomber Iran," "Iran Sms Bomber," or "Sms Bomber Farsi." These repositories often contain scripts or tools that can be used to send large numbers of text messages to mobile phone numbers.
The reasons behind the prevalence of SMS bombers in Iran are complex and multifaceted. Some experts suggest that the country's restrictive internet policies and limited access to online services may drive individuals to seek out alternative methods for communication, including malicious ones. Others point to the potential for SMS bombers to be used as a tool for cyber protests or activism, allowing individuals to flood government or institutional phone numbers with messages.
Implications and Risks
The proliferation of SMS bombers on GitHub and other platforms poses significant risks to individuals, organizations, and governments. Some of the implications include:
Conclusion
The connection between SMS bombers, GitHub, and Iran highlights the complexities of the online world and the need for greater awareness and regulation. While GitHub and other platforms can provide valuable resources for developers and researchers, they also require robust mechanisms to prevent the misuse of their services.
To mitigate the risks associated with SMS bombers, it is essential to:
By understanding the SMS bomber phenomenon and its connections to GitHub and Iran, we can work towards a safer and more secure online environment.
In the quiet, neon-lit corners of a cramped apartment in Tehran,
Arash sat hunched over his mechanical keyboard, the rhythmic click-clack
echoing against the bare walls. On his monitor, a terminal window flickered with lines of Python code—a script he’d just pulled from a trending repository on GitHub.
It was a classic SMS bomber, a tool designed to flood a phone number with hundreds of one-time password (OTP) requests from various Iranian services: Snapp, Tapsi, Divar, and DigiKala. To the outside world, it was a nuisance tool, but to Arash and his circle of "script kiddies," it was a digital slingshot in a game of high-stakes pranks.
"Let’s see if this one actually bypasses the new rate limits," he muttered, typing in a test number—his own burner phone. The terminal exploded into a waterfall of green text.
The rise of SMS bombers on GitHub targeting Iranian mobile networks has become a significant concern for cybersecurity experts and everyday users alike. These tools, often shared as open-source projects, automate the process of sending hundreds of text messages to a single phone number in a short period. While sometimes viewed as harmless pranks, their use in the Iranian context often crosses the line into digital harassment and service disruption. Understanding the Technical Landscape
Most SMS bombers found on GitHub utilize Python scripts to interact with the API endpoints of popular Iranian services. These scripts target the "OTP" (One-Time Password) or registration forms of various platforms, such as: Ride-hailing apps (Snapp, Tapsi) E-commerce sites (Digikala, Divar) Food delivery services (SnappFood) Financial and banking portals
By repeatedly requesting login codes or password resets for a specific Iranian mobile number (+98), the script forces these legitimate businesses to send a flood of messages to the victim. Since the messages come from official service numbers, they are difficult to block without losing access to necessary notifications. The GitHub Ecosystem and Availability
GitHub has become a primary hub for these scripts due to its accessibility and the ease of version control. Developers often create "all-in-one" tools that are specifically optimized for Iranian telecommunication infrastructure (MCI, Irancell, and Rightel). These repositories frequently include: Proxy Support: To bypass IP-based rate limiting.
Updated API Lists: Ensuring the bomber remains effective as companies patch their endpoints.
User-Friendly Interfaces: Some scripts include a Command Line Interface (CLI) that requires no coding knowledge to operate. Legal and Ethical Implications in Iran
In Iran, digital harassment is a punishable offense. The use of SMS bombers can fall under several articles of the Computer Crimes Law. Beyond the legal risks, these tools place an unnecessary burden on the infrastructure of Iranian startups and businesses, costing them significant money in SMS gateway fees and potentially damaging their reputation with users. The Impact on Victims
For the person on the receiving end, an SMS bomb is more than an annoyance. It can:
Render a phone unusable due to constant vibrations and notifications. Drain battery life rapidly. Obscure important personal or professional messages.
Cause significant psychological stress or "digital burnout." How to Protect Yourself
If you find yourself targeted by an SMS bomber in Iran, there are several steps you can take to mitigate the damage:
Use DND Mode: Activate "Do Not Disturb" on your smartphone to silence the influx of notifications.
Whitelisting: Set your messaging app to only notify you of messages from saved contacts.
Report to Operators: Contact your service provider (Irancell/MCI) to report the harassment, though blocking specific service short-codes is often difficult.
Wait it Out: Most scripts rely on public APIs that eventually trigger a temporary lockout (rate limit). Usually, the attack will subside within an hour once the script hits those limits. The Responsibility of Developers
While GitHub is a platform for open exchange, the hosting of "stress testers" and "bombers" exists in a gray area. Developers are encouraged to focus on "Red Teaming" and security research that helps Iranian companies secure their APIs, rather than creating tools that facilitate low-level cyber-bullying. Preventing these attacks at the source—by implementing robust Captcha systems and stricter rate limiting on OTP requests—remains the most effective solution for the Iranian tech ecosystem.
SMS Bomber: A Threat to Mobile Security
Introduction
In recent years, the proliferation of mobile devices has led to an increase in mobile-based threats. One such threat is the SMS Bomber, a type of malware that sends a large number of SMS messages to a victim's phone, often with the intention of overwhelming their phone's battery life or clogging their inbox. In this report, we will explore the concept of SMS Bombers, their presence on GitHub, and their connection to Iran.
What is an SMS Bomber?
An SMS Bomber is a type of malware or script that sends a large number of SMS messages to a victim's phone. These messages can be spam, phishing attempts, or even malicious links. The goal of an SMS Bomber can vary, but common objectives include:
SMS Bombers on GitHub
GitHub, a popular platform for developers to share and collaborate on code, has become a hub for various types of projects, including those with malicious intent. A search for "SMS Bomber" on GitHub reveals a number of repositories that claim to offer SMS bombing capabilities.
Some of these repositories are:
While these repositories may claim to be for educational purposes or testing, they can still be used for malicious activities.
Connection to Iran
There have been reports of SMS Bombers being used in Iran to target citizens. In 2019, a group of researchers discovered a number of SMS Bomber repositories on GitHub that were linked to Iranian IP addresses. Further investigation revealed that these repositories were being used by Iranian individuals to target victims within the country.
The use of SMS Bombers in Iran is particularly concerning, as the country has a history of internet censorship and surveillance. The Iranian government has been known to use various forms of cyber attacks and malware to target its citizens, and SMS Bombers are just one tool in their arsenal.
Conclusion
SMS Bombers are a type of malware that can have serious consequences for mobile device users. Their presence on GitHub and connection to Iran highlight the need for increased awareness and caution when it comes to mobile security. By understanding the risks and taking steps to protect ourselves, we can reduce the threat of SMS Bombers and other mobile-based threats.
Recommendations
Future Research Directions
By continuing to research and address the threat of SMS Bombers, we can work towards a safer and more secure mobile ecosystem.
Searching for "SMS bomber GitHub Iran" typically leads to open-source repositories designed to send a high volume of automated text messages (often OTP or marketing spam) to Iranian mobile numbers. While often shared for "educational" or "stress-testing" purposes, these tools are frequently misused for harassment or digital disruption. Popular Repositories & Tools
Several repositories on GitHub focus specifically on Iranian service APIs to bypass local rate limits: Harassment : Receiving a large number of unwanted
iran-bomber (Go/Python): Often cited for its speed and inclusion of over 130 local APIs.
Arya-sms-bomb: A Python-based tool utilizing multiple Iranian services to send automated OTP requests.
FAST-SMS-BOMBER: A Javascript/Node.js implementation targeting various Iranian gateways. Ethical & Legal Risks
Using or even hosting these tools carries significant risks, especially within the current legal climate in Iran: iran-bomber · GitHub Topics
💎 So Fast, +130 Api, Best Bomber. iran sms-api smsapi smsbomber sms-iran iran-sms spammer-tool smsbomber-python iran-bomber iran- GitHub Impact of Islamic Ethics on cybersecurity policy in Iran
Searching GitHub for Iranian SMS bomber tools reveals several active and recently updated repositories as of early 2026. These tools are typically designed to stress-test Iranian SMS gateways or perform automated messaging, though users should be aware of the ethical and legal implications of their use. Top Iranian SMS Bomber Repositories (April 2026)
Based on recent GitHub activity, here is a review of prominent tools: iran-bomber (by M-logique) Description : A high-performance, cross-platform SMS bomber written in Highlights
: Noted for being extremely fast and capable of targeting multiple Iranian services simultaneously. Last Updated : December 26, 2025. Charon SMS Bomber Description
: A comprehensive tool for attacking multiple phone numbers with both SMS and Call spam. Highlights
: Specifically targeted at Iranian SMS/Call infrastructures with a wide range of supported APIs. Last Updated : December 26, 2025. iran-sms-bomber (by aryainjas) Description
: A Python-based script often used for simple automation and testing within the Iranian network. Highlights
: Features a community-driven approach with active GitHub Discussions and Actions for testing. Last Updated : February 2024 (stable version still widely referenced). Key Technical Trends iran-bomber · GitHub Topics
I understand you're looking for information on SMS bomber tools available on GitHub, specifically those that might be used in Iran. However, I must clarify that discussing or promoting tools that could be used for malicious activities, such as spamming or harassment, is not something I can assist with.
If you're interested in learning more about how SMS bombing tools work or are looking for educational content on cybersecurity and ethical hacking, I can certainly provide general information on those topics.
For developers or cybersecurity enthusiasts interested in GitHub, there are numerous open-source projects focused on cybersecurity, ethical hacking, and network security that you might find useful:
SMS bombing or SMS flooding is a type of cyber attack where a large number of SMS messages are sent to a victim's phone in an attempt to overload or disturb the service. Tools that facilitate such actions are often considered malicious.
Responsible Use of Technology: It's crucial to use technology responsibly and ethically. If you're developing or using such tools, ensure they are for legitimate purposes, such as testing with proper permissions, and not for harassment or malicious intent.
Cybersecurity Education: If you're interested in cybersecurity, there are many courses and resources available online. Some platforms offer free courses on ethical hacking, cybersecurity basics, and advanced topics.
GitHub and Open Source Projects: GitHub hosts a wide range of projects. You can search for projects related to cybersecurity, ethical hacking, and network security. When exploring such projects, especially those that might involve vulnerabilities or potentially disruptive technologies, it's essential to consider the ethical implications and legalities.
Iran and Technology: The intersection of technology and society in Iran, like anywhere else, involves both challenges and opportunities. Iran has a vibrant tech scene, with many young programmers and tech enthusiasts. However, like everywhere, it's crucial to use technology in ways that are legal and ethical.
Searching for "SMS bomber" tools on GitHub specifically targeting Iran typically reveals scripts designed to automate the sending of large volumes of authentication or marketing SMS messages to a single phone number. These tools are often used for stress testing, prank purposes, or, more maliciously, as a form of "SMS flooding" or denial-of-service (DoS) against an individual's device. Core Features of Iranian SMS Bombers
GitHub repositories in this niche (often written in Python) generally include the following features:
API Integration: These scripts utilize the public APIs of popular Iranian services (e.g., Digikala, Snapp, Tapsi, Divar, Shad, and various banking apps) that send OTP (One-Time Password) codes for login or registration.
Proxy Support: To bypass rate limits and avoid IP blocking by the service providers, advanced versions include proxy rotation features.
Multi-Threading: Many tools use threading to send requests to dozens of different APIs simultaneously, increasing the speed and volume of messages received by the target.
Customizable Targets: Users input an Iranian mobile number (usually starting with 09 or +98), and the script iterates through its list of service endpoints.
CLI Interfaces: Most are command-line tools that provide real-time feedback on which APIs successfully sent a message. Risks and Ethical Considerations
It is important to understand the implications of using or developing such tools:
Legality in Iran: Using these tools to harass individuals is illegal under Iranian cybercrime laws.
Malware Risk: Many "SMS Bomber" repositories on GitHub are abandoned or may contain "backdoors" (malicious code) that can compromise the user's own computer while they attempt to use the script.
API Patching: Service providers like Snapp or Digikala frequently update their security measures (such as adding CAPTCHAs or stricter rate-limiting) to render these scripts ineffective. Security Advice If you are being targeted by an SMS bomber:
Contact your operator: Some Iranian mobile operators (MCI, Irancell) have mechanisms to temporarily block "short code" messages.
Use "Do Not Disturb": Enabling this on your phone can silence the constant notifications until the attack subsides.
Security for Developers: If you manage an Iranian web service, ensure you implement rate limiting (e.g., max 1 OTP per minute per IP/number) and CAPTCHA on your authentication endpoints to prevent your API from being exploited by these scripts.
An SMS bomber is a tool that automates the process of sending hundreds or thousands of text messages to a single phone number in a very short period. Iranian-specific versions, such as the iran-bomber project, are optimized to exploit the SMS gateways of Iranian services like Snapp, Digikala, and various local banks.
The keyword "sms bomber github iran" is more than a curiosity—it is a digital fingerprint of asymmetric conflict. For the Iranian coder, writing a 50-line Python script to flood a morality police hotline is an act of defiant satire. For the Iranian citizen receiving thousands of SMS, it is noise. For the state, it is an attack on infrastructure.
Yet, the open-source nature of these tools means they never truly die. They are forked, obfuscated, and re-uploaded under new usernames. The only real solution is at the carrier level: better rate limiting, AI-based anomaly detection, and regional cooperation against SMS flooding.
Whether you are a cybersecurity student, a journalist, or a curious developer, remember: deploying an SMS bomber from GitHub may feel like digital graffiti—but in Tehran, it could mean a knock on the door from FATA. The line between activism and felony is thinner than a single line of code.
Stay legal, stay ethical, and if you must stress-test, do it only on numbers you own with explicit written consent.
An SMS Bomber is a script or application designed to send a high volume of SMS messages to a single phone number in a very short amount of time. In Iran, these tools specifically target local services and startups that use SMS for login verification or one-time passwords (OTPs). How They Work These tools typically rely on the Application Programming Interfaces (APIs) of popular Iranian services. The Mechanism: The script cycles through a list of APIs from services like
, and various banking apps. It sends a "request code" or "login" command to these APIs using the target's phone number. The Result:
The target receives dozens or hundreds of legitimate OTP messages from different Iranian companies simultaneously, effectively "bombing" their notifications. Popular Technologies Used
Developers on GitHub use various languages to build these tools, often focusing on speed and cross-platform compatibility: Go (Golang): Projects like iran-bomber are noted for being extremely fast and lightweight.
A common choice for beginners and researchers due to its simplicity. Scripts like Arya-sms-bomb are frequently cited. JavaScript/Node.js:
Used for web-based versions or those integrating with specific gateways. Ethical and Legal Considerations
While many of these projects are labeled as "educational" or "for testing security vulnerabilities", their usage often falls into a legal gray area or is outright illegal: Digital Harassment:
Using these tools to disturb or harass individuals is a crime in many jurisdictions, including Iran. Service Abuse:
These tools place unnecessary load on the servers of Iranian startups and can cause them financial loss due to the cost of sending SMS messages. GitHub Policy:
GitHub often removes repositories that are deemed to be "malicious" or that facilitate harassment, though many persist under the guise of "research." How Iranian Startups Defend Themselves
To counter these attacks, many Iranian web services have implemented security measures such as: Rate Limiting:
Restricting the number of OTP requests a single IP or phone number can make per minute.
Requiring a human-verification step before an SMS is triggered. Blacklisting:
Temporarily blocking numbers that are being targeted by high-frequency requests. Conclusion iran-sms-bomber
topic on GitHub serves as a cat-and-mouse game between developers finding new APIs to exploit and security teams patching those same vulnerabilities. For those interested in cybersecurity, studying these scripts provides insight into how modern Iranian web applications handle authentication and where their weaknesses lie. iran-sms-bomber · GitHub Topics
This story follows a young developer in Tehran who finds themselves at the center of a digital arms race through the creation of a viral open-source tool. The Terminal in Tehran
Reza sat in a small apartment in Tehran, the blue light of his monitor reflecting off his glasses. Outside, the city hummed with life, but in his digital world, he was focused on a single GitHub repository. He had noticed how local businesses used automated SMS for everything from two-factor authentication to marketing. With a few lines of Python, he realized he could trigger those systems simultaneously, creating a "bomber" that could overwhelm a phone with hundreds of messages in seconds. The Code Goes Viral
He named it Charon-SMS-Bomber and uploaded it to GitHub. Within days, the repository was being "starred" and "forked" by hundreds of other Iranian developers. It wasn't just a prank tool anymore; it became a symbol of digital prowess. Soon, other versions appeared:
BomberPlus: An updated Python version designed for even more efficiency.
Iran-Bomber: A high-speed version written in Go, optimized for cross-platform use.
Arya-SMS-Bomb: A specialized script targeting specific Iranian service providers. The Digital Ripple Effect
The impact was immediate. The GitHub Topic: iran-sms-bomber became a hub for this underground community. While some used it for harmless fun, others saw its potential for harassment or "spam-bombing" during political tensions. Reza watched as his simple script evolved into a complex network of Iranian SMS Spammers, with developers from across the country contributing code to bypass new security filters implemented by local telecom companies. A Legacy of Scripts
Today, the legacy of these tools remains visible in the countless Iranian SMS Bomber repositories on GitHub. What started as a solo project in a quiet apartment became a testament to the technical ingenuity—and the chaotic potential—of Iran's underground coding scene. iran-sms-spammer · GitHub Topics
GitHub is a platform widely used for version control and collaboration on software development projects. It hosts a vast array of open-source projects, including those that might be considered controversial or potentially misused, such as SMS bombers. The open-source nature of GitHub allows developers to share and contribute to projects freely, which can include tools for sending bulk SMS messages.
The Islamic Republic of Iran's Cyber Crimes Law (passed 2009, amended 2017) explicitly criminalizes:
Vast Almanac © 2026
To ensure we meet legal requirements in your region, you must complete age verification to continue.