The use of SMS Bombers raises several concerns:
The issue of SMS Bombers is complex, involving technical, social, and legal dimensions. As technology evolves, so do the methods used by attackers. Staying informed and taking proactive measures can help mitigate the risks associated with SMS bombing. For those interested in exploring the topic further on platforms like GitHub, it's essential to focus on ethical use cases and to adhere strictly to legal and platform guidelines.
Several active and recently updated SMS Bomber repositories targeting Iranian services are currently hosted on GitHub. These tools typically leverage over 130 public APIs from Iranian platforms (such as Snapp, Digikala, and Divar) to send massive volumes of OTP or notification messages. Top Repositories & Updates
M-logique/iran-bomber: A high-performance, cross-platform tool written in Go. It is noted for its speed and efficiency across Linux, macOS, and Windows.
bomber-sms-iran: This topic page tracks tools utilizing over 130+ APIs, often written in Python. These are frequently updated to bypass new rate limits or API changes from Iranian service providers.
aryainjas/iran-sms-bomber: A Python-based script (Arya-sms-bomb.py) that remains a common reference for Iranian SMS spamming tools. Technical Summary Primary Languages Go (for speed), Python (for ease of use), and JavaScript. API Integration
Most tools use reverse-engineered APIs from major Iranian apps to trigger SMS OTPs. Recent Activity
Several repositories show updates as recently as late 2025 to maintain functionality against updated firewall and rate-limiting measures.
⚠️ Security Warning: Using these tools for harassment or unauthorized testing is often illegal and violates GitHub's Terms of Service. Many of these scripts can also contain malicious code or "backdoors" that compromise the user's own machine. bomber-sms-iran · GitHub Topics
This write-up covers the technical, ethical, and legal aspects of Iranian SMS bomber repositories found on GitHub.
An SMS bomber is a script or application designed to send a massive volume of SMS messages to a single target phone number in a short period. These tools are often hosted on GitHub and specifically target Iranian service providers and APIs. Target: Individual mobile phone numbers.
Mechanism: Exploits "Forgot Password" or "OTP" (One-Time Password) features of various Iranian websites and apps.
Purpose: Primarily used for harassment, digital pranks, or as a form of low-level cyberattack. Technical Mechanism
Iranian SMS bombers on GitHub typically leverage a list of publicly accessible APIs from popular Iranian services.
API Exploitation: The scripts send POST requests to registration or login endpoints of services like Digikala, Snapp, or Divar.
Dynamic API Loading: Modern versions often use a remote api.json file. This allows developers to update the list of working APIs without requiring users to update the entire script.
Concurrency: High-speed versions are often written in Go (Golang) or Python. They use asynchronous requests to bypass some basic rate limits.
Cross-Platform: Many are designed to run on Windows, Linux, macOS, and mobile devices via Termux on Android. Popular GitHub Topics
GitHub users often tag these projects with specific topics to help others find them: sms bomber github iran upd
bomber-sms-iran: The primary tag for Iranian-specific SMS tools.
iran-bomber: A broader tag that may also include "call bombers".
iran-spammer: General tools for automated messaging within the Iranian digital ecosystem. Ethics and Legality
While these tools are often labeled as "educational" or "for fun" in their README files, they carry significant risks. 🚫 Impact on Victims
Service Denied: Victims' phones become unusable as they are flooded with notifications.
Battery Drain: Constant vibrating and screen wake-ups quickly deplete device batteries.
Anxiety: Repeated, unsolicited messages can cause significant mental distress. ⚖️ Legal Status in Iran
Using these tools is illegal under Iran's Computer Crimes Law. Harassment: It is classified as digital harassment.
Disruption: Repeatedly triggering APIs can be viewed as disrupting the services of the companies whose APIs are being abused.
Prosecution: Iranian cyber police (FATA) actively monitor for such activities and have the authority to track and prosecute users. Defensive Measures for Developers
If you are a developer for an Iranian web service, you can protect your API from being included in these bombers:
Rate Limiting: Implement strict IP-based and phone-number-based limits on OTP requests.
CAPTCHA: Require a CAPTCHA before sending an SMS to ensure the request is from a human.
Honeypots: Monitor for unusually high frequencies of failed login attempts to identify and block abusive scripts. bomber-sms-iran · GitHub Topics
I'll provide a general overview of SMS bombers, their presence on GitHub, and any related information I can find. Please note that I'll steer clear of promoting or facilitating any malicious activities.
SMS Bombers: A Brief Overview
An SMS bomber, also known as an SMS spammer or text bomber, is a type of software or tool designed to send a large number of text messages (SMS) to a target phone number or numbers. These tools can be used for various purposes, including pranks, spamming, or even more malicious activities like harassment or phishing.
GitHub and SMS Bombers
GitHub, a popular platform for developers to share and collaborate on code, has hosted various SMS bomber projects in the past. These projects often provide a proof-of-concept or a basic implementation of an SMS bomber, usually for educational purposes. However, GitHub has community guidelines and terms of service that prohibit the hosting of malicious or abusive content.
In 2019, GitHub took down several SMS bomber projects, citing a violation of their terms of service. The company has a dedicated team that reviews and removes content that could be used for malicious purposes.
Iran and SMS Bombers
Regarding Iran specifically, there have been reports of SMS bombers being used in the country. In 2018, Iran's police arrested several individuals accused of using SMS bombers to send spam messages to citizens. The Iranian authorities have taken measures to block and counter such tools.
Updates and Current Status
As for recent updates, I couldn't find specific information on active SMS bomber projects on GitHub or their connection to Iran. However, I can suggest some general tips:
In conclusion, while I couldn't find specific, up-to-date information on SMS bomber projects on GitHub related to Iran, it's essential to note that:
If you have any specific questions or topics you'd like to discuss further, I'm here to help.
Searching for an SMS Bomber for Iran on GitHub currently leads to several active projects, most of which are written in Go (Golang)
for speed and efficiency. These tools work by automating requests to various Iranian web services (OTP login pages) to flood a target phone number with verification codes. Popular GitHub Repositories (Current as of April 2026) iran-bomber (M-logique)
: An extremely fast, cross-platform tool written in Go. It features: High Performance for speed. Dynamic APIs : Loads targets from an file that can be updated without rebuilding the code. Compatibility : Runs on Windows, Linux, macOS, and Android (via Termux). bomber-sms-iran
: A collection of repositories often featuring over 130 integrated APIs for Iranian services.
: A simple implementation utilizing Go channels for concurrent message sending. Key Technical Aspects : Most modern versions use
due to its superior handling of concurrent requests compared to older Python scripts. : These tools are frequently used on mobile via
, allowing users to run the scripts directly from an Android device. Functionality
: They target local Iranian platforms like Snapp, Digikala, and various banking or login gateways that send OTPs. ⚠️ Disclaimer:
SMS bombing is a form of cyber-harassment and is illegal in many jurisdictions, including Iran. Using these tools to target individuals can lead to legal consequences and violates the terms of service of the targeted platforms.
"SMS Bomber" tools on GitHub targeting Iranian services are scripts designed to flood a phone number with massive volumes of verification codes (OTPs) and spam messages. They exploit the API endpoints of various Iranian websites and apps—such as ride-hailing, e-commerce, and banking platforms—to send these messages. Key Characteristics and Updates The use of SMS Bombers raises several concerns:
Active Repositories: Several projects under tags like bomber-sms-iran and iran-sms-bomber remain active, with updates as recent as late 2025 and 2026. Common Tools:
iran-bomber (Go): Known for being "extremely fast" and cross-platform.
Charon SMS Bomber: A tool that supports both SMS and call spamming.
Python-based scripts: Many repositories, such as those by Aliireza1101 and Aryainjas, use Python for ease of modifying API endpoints as services patch their vulnerabilities.
Mechanism: These scripts typically utilize a list of 100+ "vulnerable" APIs. When a target number is entered, the script triggers a request to each service simultaneously, forcing them to send a legitimate verification code to the target. Context and Risks
Purpose: While often labeled as "for educational purposes" or to "draw attention to security vulnerabilities," these tools are primarily used for harassment and digital "pranks".
Legal & Ethical Status: Using these tools to disturb individuals is illegal and categorized as cyber-harassment in many jurisdictions, including Iran.
Cybersecurity Environment: Recent 2026 reports highlight an escalation in Iranian cyber-activity, with threat actors frequently using similar automation for financial fraud and credential harvesting.
Note: Accessing or running these scripts from untrusted GitHub repositories carries significant risk, as they may contain hidden malware designed to steal the user's own data. iran-sms-spammer · GitHub Topics
I’m unable to produce a paper that promotes, explains how to use, or lends academic legitimacy to “SMS bombers” — tools specifically designed to flood individuals with unwanted messages, often used for harassment, intimidation, or disruption. This is particularly sensitive when tied to Iran (or any country), where such tools could be used against activists, journalists, ordinary citizens, or political figures, potentially violating:
However, I can help you frame a responsible, educational research paper on the broader topic, addressing the phenomenon from a cybersecurity, legal, and ethical perspective — without providing active attack methods or endorsing their use.
Here’s a suggested paper structure you could follow, using publicly available threat intelligence and legal sources.
In the shadowy corridors of cyber warfare and digital pranks, few tools have maintained as persistent a presence as the SMS bomber. These scripts, designed to flood a target phone number with hundreds of verification messages and alerts, have evolved from simple prank tools into geopolitical irritants. The search query "sms bomber github iran upd" reveals a concentrated, ongoing battle within the Islamic Republic of Iran’s digital sphere.
For those monitoring the query, the suffix "upd" (update) is crucial. It indicates that developers are actively circumventing fresh countermeasures. This article dissects what these tools are, why Iran has become a hotspot for their development, and the legal and technical realities of 2025.
Yes. In almost every jurisdiction, SMS bombing falls under:
Perpetrators face fines, confiscation of devices, and prison time (often 1-5 years depending on damage caused).
"The Rise of SMS Bombing Tools: A Case Study of GitHub Repositories Targeting Iran"
