: Frequently cited for its speed and scale. It features over 130 integrated APIs and is written in
He clicked on one. The README was a mess of Finglish (Persian written with Latin alphabet): “Baraye enteghad az system...” (“For protesting against the system...”). The code was crude. A loop that hammered a free SMS API gateway used by a major Iranian telecom. No authentication. No rate limiting. Just raw, vengeful volume. sms bomber github iran
GitHub, the world's largest source code hosting platform, acts as an unintentional arsenal. Searching for "sms bomber" yields hundreds of repositories—many in Persian or with Persian documentation. Here is what you typically find in repositories tied to Iran: : Frequently cited for its speed and scale
: Many of these GitHub repositories are "honeypots" or contain malware. Arman found that some scripts didn't just send messages—they also scraped the user's own data, stole login credentials, or turned the user's computer into a botnet node. The code was crude
: These scripts utilize the public APIs of popular Iranian services (e.g., Digikala, Snapp, Tapsi, Divar, Shad, and various banking apps ) that send OTP (One-Time Password) codes for login or registration.
In Iran, as in many countries, the use of SMS bombers can have significant legal and social implications. Iran has strict regulations regarding cyber activities, with a focus on protecting national security and public order. The development, distribution, or use of tools like SMS bombers could be viewed through the lens of these regulations, potentially leading to legal consequences.