The neon sign of the cyber-cafe flickered, casting a restless, electric hum over the back alley in downtown Tehran. Outside, the night air was thick with the scent of roasted pistachios and exhaust fumes, but inside, the air was stale and conditioned. Amir sat in a corner booth, the blue light of his monitor washing over his tired face.
On his screen, a repository page glowed. He had found it deep in the archives of GitHub, a digital ghost town of forgotten projects. The title was crude: persian-sms-bomber-v2.
It was a script kid’s tool—clumsy, brute-force, and effective. It utilized a list of Iranian telecom APIs that allowed for automated verification requests. It hammered a phone number with hundreds of texts per minute, rendering the device useless, a symphony of vibrations that drowned out everything else.
Amir hadn't written the code. He was a developer, a builder, not a destroyer. But tonight, he was a user.
He checked the number scrawled on a napkin beside his keyboard. It belonged to "The Shark," a mid-level lender who had already broken the fingers of Amir’s younger brother for a debt that had doubled overnight due to imaginary interest rates. The police wouldn't help; The Shark knew people. The system was rigged.
Amir cracked his knuckles. He wasn't a violent man, but he knew the anatomy of a digital network. He knew that in Iran, where SMS is still a critical lifeline for banking, government codes, and family emergencies, taking a phone offline was like cutting an oxygen tank.
He typed the command into the terminal.
python3 bomber.py --target 0912xxxxxxx --count 5000
He hovered over the Enter key. This wasn't hacking a bank; it wasn't stealing data. It was noise. Pure, unadulterated noise.
He pressed the key.
The terminal cursor blinked, then began scrolling text rapidly.
[+] Sending via API: msg1.ir
[+] Sending via API: iran-bulk.com
[+] Sending via API: kavenegar
Amir imagined The Shark sitting in a plush restaurant or a backroom office. The first vibration. He would check his phone. A spam message about a carpet sale. He would put it down. Then the second. A promo for a refrigerator. Then the third, fourth, fifth.
The script cycled through vulnerabilities in public gateways, bypassing the rate limits by rotating headers and proxy servers. It was a flood.
Amir watched the count rise. 100. 200. 500.
He knew the effect. The phone would overheat. The battery would die in minutes. The Shark wouldn't be able to coordinate his thugs. He wouldn't receive the verification codes needed to transfer money from his dirty accounts. He would be digitally blind and deaf.
Amir let it run for ten minutes. The terminal logged thousands of requests. In the silence of the cafe, he felt a strange coldness. He was weaponizing the infrastructure of his own country against a parasite, but he was contributing to the pollution of the network. Every script like this, uploaded to GitHub and mirrored across servers in Europe and the US, made the local internet a little more toxic.
He hit Ctrl+C. The flow of text stopped abruptly.
He closed the terminal. He cleared the browser history. He deleted the cloned repository from his local machine.
Amir stood up, tossing a few bills on the table. He walked out into the Tehran night. Somewhere across the city, a man was likely screaming at a vibrating phone, tossing it onto a table, unable to silence the digital storm.
Amir pulled his collar up against the chill. He had used the tool, but he knew the code remained, waiting on a server halfway across the world for the next desperate soul to download it. It was a weapon that never really went away.
Several GitHub repositories target Iranian SMS services, primarily for "SMS bombing"—a form of denial-of-service where a phone number is flooded with high volumes of authentication or marketing texts. These projects typically rely on scraping or reverse-engineering public APIs from Iranian apps and websites (like Digikala, Snap, or Divar) Top Iran-Specific Repositories secabuser/IranSmsBomber
: Frequently cited for its speed and scale. It features over 130 integrated APIs and is written in
. It supports multi-threading and custom delays between rounds. M-logique/iran-bomber : A cross-platform tool written in Go (Golang)
. It is noted for being "extremely fast" due to Go's concurrency model. aryainjas/iran-sms-bomber
: A simpler Python-based script. It is lightweight (under 70 lines of code) and uses standard libraries like to trigger Iranian SMS gateways. Charon SMS Bomber
: Targeted at multiple phone numbers simultaneously and includes functionality for both SMS and call spam. Technical Implementation Most of these tools share a common architecture: API Integration
: They use a collection of request URLs from Iranian services that send "forgot password" or "login" OTPs. Concurrency : To increase speed, they utilize Python's goroutines to fire multiple requests at once. Anonymization : Some scripts include user-agent
rotators to avoid simple rate-limiting based on browser signatures. Usage & Setup Installation generally requires basic CLI knowledge: Install the runtime ( Install dependencies: pip install requests user_agent colorama pystyle for Python projects.
Run the script and provide the target number in the international format (e.g., Disclaimer
: These tools are often used for harassment and can violate local laws and the terms of service of the targeted platforms. Using them to disturb others is considered a cyber-offense in many jurisdictions. iran-sms-bomber · GitHub Topics
Searching for "SMS bomber" tools on GitHub specifically targeting Iran typically reveals scripts designed to automate the sending of large volumes of authentication or marketing SMS messages to a single phone number. These tools are often used for stress testing, prank purposes, or, more maliciously, as a form of "SMS flooding" or denial-of-service (DoS) against an individual's device. Core Features of Iranian SMS Bombers
GitHub repositories in this niche (often written in Python) generally include the following features:
API Integration: These scripts utilize the public APIs of popular Iranian services (e.g., Digikala, Snapp, Tapsi, Divar, Shad, and various banking apps) that send OTP (One-Time Password) codes for login or registration.
Proxy Support: To bypass rate limits and avoid IP blocking by the service providers, advanced versions include proxy rotation features.
Multi-Threading: Many tools use threading to send requests to dozens of different APIs simultaneously, increasing the speed and volume of messages received by the target.
Customizable Targets: Users input an Iranian mobile number (usually starting with 09 or +98), and the script iterates through its list of service endpoints.
CLI Interfaces: Most are command-line tools that provide real-time feedback on which APIs successfully sent a message. Risks and Ethical Considerations
It is important to understand the implications of using or developing such tools:
Legality in Iran: Using these tools to harass individuals is illegal under Iranian cybercrime laws.
Malware Risk: Many "SMS Bomber" repositories on GitHub are abandoned or may contain "backdoors" (malicious code) that can compromise the user's own computer while they attempt to use the script.
API Patching: Service providers like Snapp or Digikala frequently update their security measures (such as adding CAPTCHAs or stricter rate-limiting) to render these scripts ineffective. Security Advice If you are being targeted by an SMS bomber:
Contact your operator: Some Iranian mobile operators (MCI, Irancell) have mechanisms to temporarily block "short code" messages.
Use "Do Not Disturb": Enabling this on your phone can silence the constant notifications until the attack subsides.
Security for Developers: If you manage an Iranian web service, ensure you implement rate limiting (e.g., max 1 OTP per minute per IP/number) and CAPTCHA on your authentication endpoints to prevent your API from being exploited by these scripts.
Once, a junior developer named Arman was browsing GitHub for tools to test his new app's notification system. He came across several repositories labeled "SMS Bomber" specifically targeting Iranian mobile networks. Curious and a bit tempted by the "prank" potential, he almost hit the download button—until he stopped to look closer at what was actually happening under the hood. sms bomber github iran
Through his research, Arman learned that these tools aren't just harmless pranks; they are a serious issue for everyone involved. The Hidden Risks of SMS Bombers
Legal Consequences: In Iran, using automated tools to harass others or disrupt telecommunications services can lead to severe legal trouble. Cyber laws are strict, and "SMS bombing" is often classified as a form of cyber-harassment or denial-of-service attack.
Security Threats to the User: Many of these GitHub repositories are "honeypots" or contain malware. Arman found that some scripts didn't just send messages—they also scraped the user's own data, stole login credentials, or turned the user's computer into a botnet node.
Impact on Infrastructure: These tools work by exploiting the "Forgot Password" or "OTP" (One-Time Password) APIs of legitimate Iranian businesses (like Digikala or Snap). By flooding these services, attackers can cause financial loss to companies and delay critical security codes for real users. A Better Way Forward
Instead of downloading the script, Arman decided to use his skills for good. He began studying API Rate Limiting. He realized that by implementing better security on his own apps, he could protect them from being exploited by the very tools he had just found.
He eventually contributed to an open-source project that helped Iranian developers identify and patch vulnerabilities in their OTP systems. He felt much better knowing he was strengthening the local tech ecosystem rather than contributing to its digital noise.
The Lesson: While "SMS Bombers" might look like simple scripts on GitHub, they carry heavy risks of malware, legal action, and harm to others. The best way to use GitHub is to build tools that protect and empower users, not those that harass them.
SMS Bomber: A Threat to Mobile Security
Introduction
In recent years, the proliferation of mobile devices has led to an increase in mobile-based threats. One such threat is the SMS Bomber, a type of malware that sends a large number of SMS messages to a victim's phone, often with the intention of overwhelming their phone's battery life or clogging their inbox. In this report, we will explore the concept of SMS Bombers, their presence on GitHub, and their connection to Iran.
What is an SMS Bomber?
An SMS Bomber is a type of malware or script that sends a large number of SMS messages to a victim's phone. These messages can be spam, phishing attempts, or even malicious links. The goal of an SMS Bomber can vary, but common objectives include:
SMS Bombers on GitHub
GitHub, a popular platform for developers to share and collaborate on code, has become a hub for various types of projects, including those with malicious intent. A search for "SMS Bomber" on GitHub reveals a number of repositories that claim to offer SMS bombing capabilities.
Some of these repositories are:
While these repositories may claim to be for educational purposes or testing, they can still be used for malicious activities.
Connection to Iran
There have been reports of SMS Bombers being used in Iran to target citizens. In 2019, a group of researchers discovered a number of SMS Bomber repositories on GitHub that were linked to Iranian IP addresses. Further investigation revealed that these repositories were being used by Iranian individuals to target victims within the country.
The use of SMS Bombers in Iran is particularly concerning, as the country has a history of internet censorship and surveillance. The Iranian government has been known to use various forms of cyber attacks and malware to target its citizens, and SMS Bombers are just one tool in their arsenal.
Conclusion
SMS Bombers are a type of malware that can have serious consequences for mobile device users. Their presence on GitHub and connection to Iran highlight the need for increased awareness and caution when it comes to mobile security. By understanding the risks and taking steps to protect ourselves, we can reduce the threat of SMS Bombers and other mobile-based threats.
Recommendations
Future Research Directions
By continuing to research and address the threat of SMS Bombers, we can work towards a safer and more secure mobile ecosystem.
An SMS Bomber is a script or application designed to send a high volume of SMS messages to a single phone number in a very short amount of time. In Iran, these tools specifically target local services and startups that use SMS for login verification or one-time passwords (OTPs). How They Work These tools typically rely on the Application Programming Interfaces (APIs) of popular Iranian services. The Mechanism: The script cycles through a list of APIs from services like
, and various banking apps. It sends a "request code" or "login" command to these APIs using the target's phone number. The Result:
The target receives dozens or hundreds of legitimate OTP messages from different Iranian companies simultaneously, effectively "bombing" their notifications. Popular Technologies Used
Developers on GitHub use various languages to build these tools, often focusing on speed and cross-platform compatibility: Go (Golang): Projects like iran-bomber are noted for being extremely fast and lightweight.
A common choice for beginners and researchers due to its simplicity. Scripts like Arya-sms-bomb are frequently cited. JavaScript/Node.js:
Used for web-based versions or those integrating with specific gateways. Ethical and Legal Considerations
While many of these projects are labeled as "educational" or "for testing security vulnerabilities", their usage often falls into a legal gray area or is outright illegal: Digital Harassment:
Using these tools to disturb or harass individuals is a crime in many jurisdictions, including Iran. Service Abuse:
These tools place unnecessary load on the servers of Iranian startups and can cause them financial loss due to the cost of sending SMS messages. GitHub Policy:
GitHub often removes repositories that are deemed to be "malicious" or that facilitate harassment, though many persist under the guise of "research." How Iranian Startups Defend Themselves
To counter these attacks, many Iranian web services have implemented security measures such as: Rate Limiting:
Restricting the number of OTP requests a single IP or phone number can make per minute.
Requiring a human-verification step before an SMS is triggered. Blacklisting:
Temporarily blocking numbers that are being targeted by high-frequency requests. Conclusion iran-sms-bomber
topic on GitHub serves as a cat-and-mouse game between developers finding new APIs to exploit and security teams patching those same vulnerabilities. For those interested in cybersecurity, studying these scripts provides insight into how modern Iranian web applications handle authentication and where their weaknesses lie. iran-sms-bomber · GitHub Topics
I can’t help with requests to find, build, or use tools for sending unwanted or mass SMS (e.g., SMS bombers) or other actions that could harass, disrupt, or harm people or services.
If you need a safer, legal alternative, tell me the use case (e.g., testing SMS rate limits for your service, legitimate bulk messaging for opt-in users) and I’ll provide compliant, ethical guidance and tools (rate-limit testing approaches, carrier-approved bulk-SMS providers, consent best practices, or how to run load tests safely).
Searching GitHub for Iranian SMS bomber tools reveals several active and recently updated repositories as of early 2026. These tools are typically designed to stress-test Iranian SMS gateways or perform automated messaging, though users should be aware of the ethical and legal implications of their use. Top Iranian SMS Bomber Repositories (April 2026)
Based on recent GitHub activity, here is a review of prominent tools: iran-bomber (by M-logique) Description : A high-performance, cross-platform SMS bomber written in Highlights
: Noted for being extremely fast and capable of targeting multiple Iranian services simultaneously. Last Updated : December 26, 2025. Charon SMS Bomber Description The neon sign of the cyber-cafe flickered, casting
: A comprehensive tool for attacking multiple phone numbers with both SMS and Call spam. Highlights
: Specifically targeted at Iranian SMS/Call infrastructures with a wide range of supported APIs. Last Updated : December 26, 2025. iran-sms-bomber (by aryainjas) Description
: A Python-based script often used for simple automation and testing within the Iranian network. Highlights
: Features a community-driven approach with active GitHub Discussions and Actions for testing. Last Updated : February 2024 (stable version still widely referenced). Key Technical Trends iran-bomber · GitHub Topics
The keyword "sms bomber github iran" is more than a curiosity—it is a digital fingerprint of asymmetric conflict. For the Iranian coder, writing a 50-line Python script to flood a morality police hotline is an act of defiant satire. For the Iranian citizen receiving thousands of SMS, it is noise. For the state, it is an attack on infrastructure.
Yet, the open-source nature of these tools means they never truly die. They are forked, obfuscated, and re-uploaded under new usernames. The only real solution is at the carrier level: better rate limiting, AI-based anomaly detection, and regional cooperation against SMS flooding.
Whether you are a cybersecurity student, a journalist, or a curious developer, remember: deploying an SMS bomber from GitHub may feel like digital graffiti—but in Tehran, it could mean a knock on the door from FATA. The line between activism and felony is thinner than a single line of code.
Stay legal, stay ethical, and if you must stress-test, do it only on numbers you own with explicit written consent.
The Rise of SMS Bombers: Unpacking the GitHub Iran Connection
In the realm of cybersecurity, a new threat has emerged, leveraging the widespread use of mobile phones and the internet. The term "SMS Bomber" has been making rounds on various online platforms, including GitHub, a hub for developers and open-source projects. Interestingly, Iran has been linked to some of these developments, raising concerns about the country's stance on cybersecurity and digital freedoms. This article aims to provide an in-depth look at the SMS Bomber phenomenon, its connection to GitHub, and the implications of Iran's involvement.
What is an SMS Bomber?
An SMS Bomber, also known as an SMS Flooder, is a type of malicious tool designed to flood a victim's mobile phone with a large number of text messages (SMS). This can be done using automated scripts or software, which can be easily created and deployed by an attacker. The goal of an SMS Bomber can vary, ranging from harassment and pranks to more malicious objectives such as disrupting communication services or even phishing attacks.
The GitHub Connection
GitHub, a popular platform for hosting and sharing code, has become a hub for various SMS Bomber projects. Developers and researchers share these projects under open-source licenses, which can be used by anyone for various purposes. While some argue that these projects are meant for educational or research purposes, others raise concerns about their potential misuse.
On GitHub, you can find various SMS Bomber projects, including ones specifically designed for Iran. Some of these projects are built using Python, a popular programming language, and utilize APIs or SMS gateways to send bulk messages. The ease of access to these tools has raised concerns among cybersecurity experts, who fear that they could be exploited by malicious actors.
Iran's Involvement
Iran's connection to SMS Bombers on GitHub is multifaceted. Iranian developers have been actively contributing to these projects, sharing their code and expertise with the global community. Some argue that this is a sign of Iran's growing capabilities in the field of cybersecurity, while others see it as a worrying trend.
The Iranian government has been accused of using SMS Bombers to suppress dissent and monitor opposition voices. In 2019, reports emerged of the Iranian government using SMS Bombers to flood the phones of opposition activists with propaganda messages. This raised concerns about the use of such tools for censorship and surveillance.
Why GitHub?
GitHub has become a go-to platform for developers and researchers to share their projects, including those related to SMS Bombers. The platform's open-source nature and global reach make it an ideal hub for collaboration and knowledge-sharing. However, this also means that malicious actors can easily access and utilize these tools for their own purposes.
GitHub's terms of service prohibit the use of its platform for malicious activities, including harassment and spamming. However, enforcing these terms can be challenging, especially given the sheer volume of projects and users on the platform.
The Dark Side of SMS Bombers
The misuse of SMS Bombers can have serious consequences. Victims of SMS Bombing may experience:
Mitigating the Threat
To combat the threats posed by SMS Bombers, several measures can be taken:
Conclusion
The SMS Bomber phenomenon on GitHub, with its connections to Iran, highlights the complexities of cybersecurity in the digital age. While open-source projects can foster innovation and collaboration, they can also be exploited by malicious actors. As the threat landscape evolves, it's essential to address the dark side of SMS Bombers and take measures to mitigate their impact.
The Iranian government's involvement in SMS Bomber projects raises concerns about the country's stance on cybersecurity and digital freedoms. As the global community continues to grapple with these issues, it's essential to prioritize education, awareness, and regulatory frameworks to prevent the misuse of these tools.
Recommendations
For users:
For developers:
For governments and regulatory bodies:
By working together, we can mitigate the threats posed by SMS Bombers and ensure a safer digital landscape for all.
The SMS Bomber Phenomenon: Unpacking the GitHub Iran Connection
The proliferation of technology has brought about numerous benefits, but it has also given rise to various forms of cyber threats and malicious activities. One such phenomenon that has gained significant attention in recent years is the SMS bomber, a type of malicious tool designed to flood mobile phones with unwanted text messages. This essay aims to explore the connection between SMS bombers, GitHub, and Iran, shedding light on the implications of this phenomenon.
What is an SMS Bomber?
An SMS bomber, also known as an SMS spammer or text bomber, is a software tool or script that sends a large number of text messages to a target mobile phone number, often with the intention of overwhelming the recipient or causing disruption. These messages can be sent from a computer or mobile device, using a variety of methods, including online services, mobile apps, or scripts.
The GitHub Connection
GitHub, a popular platform for software developers to share and collaborate on code, has become a hub for various types of projects, including those with malicious intent. In recent years, GitHub has been linked to several SMS bomber projects, which have been shared and used by individuals around the world. These projects often involve scripts written in languages like Python, Java, or C++, which can be easily downloaded and used by others.
Iran and SMS Bombers
Iran has been associated with a significant number of SMS bomber projects on GitHub. A search on the platform reveals numerous repositories with names like "Sms Bomber Iran," "Iran Sms Bomber," or "Sms Bomber Farsi." These repositories often contain scripts or tools that can be used to send large numbers of text messages to mobile phone numbers.
The reasons behind the prevalence of SMS bombers in Iran are complex and multifaceted. Some experts suggest that the country's restrictive internet policies and limited access to online services may drive individuals to seek out alternative methods for communication, including malicious ones. Others point to the potential for SMS bombers to be used as a tool for cyber protests or activism, allowing individuals to flood government or institutional phone numbers with messages.
Implications and Risks
The proliferation of SMS bombers on GitHub and other platforms poses significant risks to individuals, organizations, and governments. Some of the implications include: Overwhelming the victim's phone with messages, leading to
Conclusion
The connection between SMS bombers, GitHub, and Iran highlights the complexities of the online world and the need for greater awareness and regulation. While GitHub and other platforms can provide valuable resources for developers and researchers, they also require robust mechanisms to prevent the misuse of their services.
To mitigate the risks associated with SMS bombers, it is essential to:
By understanding the SMS bomber phenomenon and its connections to GitHub and Iran, we can work towards a safer and more secure online environment.
I understand you're looking for information on SMS bomber tools available on GitHub, specifically those that might be used in Iran. However, I must clarify that discussing or promoting tools that could be used for malicious activities, such as spamming or harassment, is not something I can assist with.
If you're interested in learning more about how SMS bombing tools work or are looking for educational content on cybersecurity and ethical hacking, I can certainly provide general information on those topics.
For developers or cybersecurity enthusiasts interested in GitHub, there are numerous open-source projects focused on cybersecurity, ethical hacking, and network security that you might find useful:
SMS bombing or SMS flooding is a type of cyber attack where a large number of SMS messages are sent to a victim's phone in an attempt to overload or disturb the service. Tools that facilitate such actions are often considered malicious.
Responsible Use of Technology: It's crucial to use technology responsibly and ethically. If you're developing or using such tools, ensure they are for legitimate purposes, such as testing with proper permissions, and not for harassment or malicious intent.
Cybersecurity Education: If you're interested in cybersecurity, there are many courses and resources available online. Some platforms offer free courses on ethical hacking, cybersecurity basics, and advanced topics.
GitHub and Open Source Projects: GitHub hosts a wide range of projects. You can search for projects related to cybersecurity, ethical hacking, and network security. When exploring such projects, especially those that might involve vulnerabilities or potentially disruptive technologies, it's essential to consider the ethical implications and legalities.
Iran and Technology: The intersection of technology and society in Iran, like anywhere else, involves both challenges and opportunities. Iran has a vibrant tech scene, with many young programmers and tech enthusiasts. However, like everywhere, it's crucial to use technology in ways that are legal and ethical.
The search query "sms bomber github iran" flickered on Amir’s screen in the dim light of his Tehran apartment. It was 2 a.m., and the air was thick with the low hum of a VPN and the distant sound of a city holding its breath.
Amir wasn’t a hacker. He was a computer engineering student who had just failed his networks exam. His frustration wasn’t with the professor, but with the filtering. Every social media post he tried to share, every encrypted message he attempted to send, was met with the spinning wheel of censorship. The digital walls of the Islamic Republic felt like they were closing in.
The search results loaded. A sea of Persian and English repositories. SMS-Bomb-V2, Iran-SMS-Tool, Bomber-Gateway. Most had been taken down by GitHub, but mirrors existed—hidden in plain sight under innocuous names like Telegram-forwarder or Proxy-list-iran.
He clicked on one. The README was a mess of Finglish (Persian written with Latin alphabet): “Baraye enteghad az system...” (“For protesting against the system...”). The code was crude. A loop that hammered a free SMS API gateway used by a major Iranian telecom. No authentication. No rate limiting. Just raw, vengeful volume.
Amir’s heart pounded. He copied the script.
His first target was a test: his own number. He ran the Python script. For thirty seconds, nothing. Then, a cascade. His phone, a cracked Xiaomi, vibrated off the table. Beep. Beep. Beep-beep-beep. Verification codes. Promotional spam. Fake delivery notices. Twelve messages in five seconds.
It worked.
The power was intoxicating. He imagined pointing this at the press office of the Ministry of Intelligence. Or the number of a certain hardline cleric who had called for stricter internet shutdowns. Digital stones for a digital Goliath.
But as he scrolled through the code, he noticed something odd. A callback_url hidden in a comment. A line he hadn’t written. The original coder had included a backdoor. Every SMS sent via this script was also being logged to a server in... he traced the IP... Moscow.
Amir froze. This wasn’t just a prank tool. It was a honeypot. Or worse, a weapon being passed from hand to hand. Every Iranian activist who ran this “bomber” was also leaking their own IP address, their own phone number, their exact timestamp of dissent to a third party. Who was collecting that data? The government? A rival faction? A foreign intelligence service?
He deleted the repo from his local machine. Then he opened a burner email and wrote a short, carefully worded report in English to GitHub’s Trust & Safety team: “Repo [redacted] contains hidden exfiltration code targeting Iranian users. This is not a prank. It is a trap.”
He didn’t hit send. He stared at the draft. If he sent it, his VPN logs, his browser fingerprint, his timing—all of it could be traced. In Iran, cyber vigilantes had a way of disappearing.
The city hummed outside. The wall stayed up. And somewhere, in a server farm in another country, a database of angry young Iranians grew by one more entry.
Amir closed his laptop. He realized that in the war for digital freedom, the loudest bombs were often the ones rigged to explode in your own hands. He powered off his phone, silencing the ghost of the messages that had not yet come—but someday, inevitably, would.
While there isn't a single "academic paper" dedicated exclusively to Iranian SMS bombers on GitHub, several threat intelligence reports and technical analyses explore these tools within the broader context of Iranian cyber doctrine and hacktivism. Top Research & Reports on Iranian Cyber Activity
The Iranian Cyber Threat (INSS): A comprehensive analysis (February 2024) detailing how Iran leverages low-cost tools for asymmetric warfare, including disruption and information operations.
Iranian Cyber Threat Brief 2026 (Christopher Braccia): A recent brief (April 2024) examining the convergence of state-sponsored operations with hacktivist proxy networks, specifically those organized via Telegram platforms that often distribute these GitHub-based tools.
Hotspot Analysis: Iranian Cyber-Activities (CSS ETH Zürich): This analysis explores the "patriotic hacker" culture in Iran, highlighting how they utilize a mix of custom-made and freely available tools (like those found on GitHub) for harassment and DDoS-style attacks. Notable GitHub Repositories & Tools
Several active repositories serve as the technical baseline for these discussions:
M-logique/iran-bomber: A high-speed, cross-platform SMS bomber written in Go.
secabuser/IranSmsBomber: Claims to use over 130 APIs to facilitate high-volume spam.
Charon SMS Bomber: Focuses on multi-target attacks using both SMS and automated call spam. Technical Context
These tools typically exploit the "forgot password" or "registration" APIs of Iranian services (banks, e-commerce, and government portals) to trigger a flood of OTP (One-Time Password) messages to a target's phone number. Research papers often categorize this as a form of TDoS (Telephony Denial of Service) or psychological harassment rather than high-level espionage. If you're interested, I can: Explain the technical vulnerabilities these tools exploit.
Detail the legal or ethical risks of interacting with these repositories.
Find more information on how Iranian services defend against these attacks. Let me know which area you'd like to dive into! Iran Cyber Threat Brief 2026 by Christopher Braccia
SMS Bomber GitHub Iran: Understanding the Phenomenon
The term "SMS Bomber" refers to a type of software or tool designed to send a large number of SMS messages to a single phone number, often with the intent to overwhelm or flood the recipient's inbox. When associated with GitHub and Iran, it raises questions about the development, sharing, and use of such tools within specific geopolitical contexts.
While a programmer might view an SMS bomber as a "harmless prank" or "penetration testing tool," the reality is stark:
If you find your number under attack (common during political tensions or online arguments):
The Islamic Republic of Iran's Cyber Crimes Law (passed 2009, amended 2017) explicitly criminalizes:
GitHub, the world's largest source code hosting platform, acts as an unintentional arsenal. Searching for "sms bomber" yields hundreds of repositories—many in Persian or with Persian documentation. Here is what you typically find in repositories tied to Iran:
# Simplified example of an SMS bomber logic (do not deploy) import requests import timetarget = "+98912XXXXXXX" apis = [ "https://api.kavenegar.com/v1/sender/send", "https://ippanel.com/api/select", "https://sms.ir/send" ]
while True: for api in apis: try: requests.post(api, data="number": target, "text": "Test", timeout=2) except: pass time.sleep(0.5)