The Iranian government has taken steps to combat SMS Bombers, including blocking IP addresses associated with known SMS Bomber services and cooperating with international law enforcement agencies to track down perpetrators. However, the cat-and-mouse game between SMS Bomber developers and authorities continues.
: The script contains a list of Iranian services (e.g., Digikala , Snapp, Tapsi, and Divar). It sends POST or GET requests to their "Request OTP" or "Forgot Password" endpoints.
Companies and individuals can take specific measures to defend against SMS bombing attacks:
At its core, an SMS bomber is a tool designed to overload a mobile phone with a high volume of SMS messages in a very short period. It's a type of digital harassment and denial-of-service attack that aims to disrupt a victim's communication. sms bomber github iran verified
Using SMS bombers carries serious risks for the perpetrator as well:
: The script simulates a standard user interaction by sending a POST or GET request containing the target's phone number to those specific endpoints.
: Before executing any script locally, inspect the source code entirely. Avoid running obfuscated code or binaries where the underlying logic cannot be audited. The Iranian government has taken steps to combat
: To avoid rate-limiting or being blocked by the service providers, scripts often include a 3-5 second delay between requests. Technical Execution
Several repositories are frequently updated to account for changes in the APIs of Iranian websites:
Ecosystem notes (Iran context)
The development and use of SMS bombers should be approached with caution, considering both the technical capabilities and the ethical and legal implications. For those interested in developing such tools, a responsible approach includes understanding and complying with relevant laws and ensuring that any use case is justified and consensual.
Windows users can download pre-compiled executable files from the Releases section of each repository. Linux and macOS users can run bash installation scripts or use Go’s install command.
Sending an SMS OTP incurs a financial cost from telecommunication providers. When an SMS bomber targets a business's API, the business is forced to pay for thousands of fraudulent text messages, burning through marketing and operational budgets. It sends POST or GET requests to their
SMS bombers rarely send messages using paid SMS gateways. Instead, they exploit the One-Time Password (OTP) and verification APIs of legitimate websites and applications.
This public link is valid for 7 days and shares a thread, including any personal information you added. This link or copies made by others cannot be deleted. If you share with third parties, their policies apply. Can’t copy the link right now. Try again later. iran-bomber · GitHub Topics