'bomber.py' is obfuscated and takes lot of time to evaluate fully.

[ghost]

Hello!

You're on GitHub, if you haven't noticed it yet. We're doing open-source stuff here. Why won't you leave your bomber script as-is? Your bomber script is just a wrapper around your ReST API (according to requests your script is sending) anyway.

Also, about that 'verification'. You're just getting paid on the ads at the site where you provide 'verification code'.

And the last one - the script is only working on Debian-based systems. Package managers like pacman or yast are not working here because you're only trying to use apt without ever checking if this command exists.

[TheSpeedX]

Thanks For Your Suggestions... Yeah I am no Github As Its a good place to Share Our Codes and contribute I have other opensource Projects on git as well TBomb is obfuscated for A Reason . Its there for security. And Dont you think it will be misused Heavily if left open

Yeah about that verification stuff I had apis sending 1k international SMS on a go But Heavy and unprotected usage got that api banned So i put ads to control users...... You will Need To think of many stuff While Publishing A Tool Like This You Are Forgetting the consequences if i followed you

and at last yeah i made it only available for debian systems only As i cant provide support from my side for other OS out there And The TBomb.sh Code is clearly readable which will help users to install specific packages

I am not building A Commercial Grade Application Here

And This Script Will be open sourced Soon after its APK version is made

We already Thought of what problems users are facing So At the conclusion TBomb APK will solve all isues no verification links will be there

[ghost]

@TheSpeedX - just mentioning to make sure you won't lose this issue.

A response to all of your false statements.

TBomb is obfuscated for A Reason . Its there for security. And Dont you think it will be misused Heavily if left open

Chromium and Firefox are open-source, too, and it might cause WAY GREATER problems if someone finds an exploit. But these are still open, huh? What security do you event talk about?

Yeah about that verification stuff I had apis sending 1k international SMS on a go But Heavy and unprotected usage got that api banned

How's it? Your government got it down? [Doubt]

So i put ads to control users......

No, you put ads to get cash flown, that's no secret.

You will Need To think of many stuff While Publishing A Tool Like This You Are Forgetting the consequences if i followed you

TBomb in its current state is already a tool that is capable of dealing damage, nothing would change if it were open-source.

and at last yeah i made it only available for debian systems only As i cant provide support from my side for other OS out there

Why so? Is there a problem with other package managers? [Doubt x2]

And The TBomb.sh Code is clearly readable which will help users to install specific packages I am not building A Commercial Grade Application Here

And This Script Will be open sourced Soon after its APK version is made

APK is WAY easier to decompile and get discovered around.

Also - I'm curious why 50% of your stargazers are almost empty?. Seems like a reason to notify a support team, quite resembling a bot net to boost a repo.

[TheSpeedX]

@scpketer Any Further Questions Mention me xD

Answers To Your Different Views

Chromium and Firefox are on there own. They Are not Doing Tools like SMS Spamming etc They are using Legit Stuff .... We use 3rd party vuln sites to send SMS

And API got banned as the site owners Found these requests and limited it

Do you really think Sending SMS Would be Free ????

We Give it For Free Thats Too with international Support

And Yeah We Also Need Cash to move on To Other Projects We Only got a Couple Of Donations Just Sufficient For Coffee Of 2 days

And TBomb Was OpenSourced Before I Got to See a whole lot of misuse.... Ads Pays Us and Controls user to use in limit

And Yeah TBomb Will Be Opensourced might be in 2 months again

There is not a problem Using For other package mantainers But I will also need to Test on that system ... Which will take quite a time ... And I need Other Stuff To Do ...I am still A Student ...

APK will be user friendly ... Interpreted code is a bit slow and i want to increase user base too APK can be decompiled But You Cant Edit The Obfuscated Smali

And I Dont know who the Stargazers And if u really think its a botnet and bypassed Github's New Awesome Captcha , Please Provide Me Its Link Or Code xD

[ghost]

@TheSpeedX

It's not my business to find out how did your stargazers have registered. The report is sent to GitHub support and they are currently reviewing it.

All that is worrying me is that most of them have no avatar, most of them have empty repositories, and all of those have your repositories starred and forked. Here's a list of them (ahem, these are forks):

• https://github.com/Alemen7 - just fork, no changes
• https://github.com/0n1cOn3 - a fork of your repo, no changes
• https://github.com/ahmedibaz - same useless fork with no commits (1 ahead 1 behind is a side effect of your repository always staying at 1 commit)
• https://github.com/adickmilea - quite a lot of forks of various repositories but they all have no changes.
• https://github.com/ashfak03 - just your repo forked.
• https://github.com/baveryalcin21 - and this one just creating repositories and never committing.
• https://github.com/batarabarabone - this one too.
• https://github.com/Crewxx - this one has some side content, but no changes made to your repositories.
• https://github.com/Bronil1983 - just your repo. Again, yeah.
• https://github.com/dravid3x - hmm, and this one...
• https://github.com/ElectronsForceSagar - and another one. Dude, set avatars at least.
• https://github.com/Devp73 - empty forks.
• https://github.com/eslamelhadedy - empty forks.
• https://github.com/Freeguy1 - this one has created (or forked) 100 repositories. Yes, for no changes to be made.
• https://github.com/Guptaji321- your repository forked.
• https://github.com/Haxnation - TBomb forked and yeah, no changes.
• https://github.com/Helfynt - same no activity except forking.
• https://github.com/hellking1 - all the forks.
• https://github.com/HonorBlack - just your forked repo.
• https://github.com/Ibrahimjdaan - same as above.
• https://github.com/Devp73 - your repo forked and no changes.
• https://github.com/infected521 - same. Just forks with no activity.
• https://github.com/ismailert4593 - just TBomb.
• https://github.com/kekwak - TBomb and an empty repo. No activity (you know, acitvity tiles are sooo useful)
• https://github.com/kiNapSter - all the empty repos. Your ones are there too.
• https://github.com/MazanLabeeb - single fork on TBomb. Nothin else.
• https://github.com/myheartjoker - just repositories. No actvity. TBomb's here, too. == The ones below are all the same, I'm tired of writing a description ==
• https://github.com/nicolascng
• https://github.com/NinjateckNK
• https://github.com/oussamadzh
• https://github.com/pramodnrn
• https://github.com/realacc000
• https://github.com/Realmexxx
• https://github.com/refael613
• https://github.com/Ritikbansal
• https://github.com/SmYusuf28
• https://github.com/strikeboss
• https://github.com/stunttr69
• https://github.com/superchanzzz
• https://github.com/thanzan123
• https://github.com/TheVGAMER
• https://github.com/v1p3r3301
• https://github.com/wllshdx
• https://github.com/XxNikitaPlayxX
• https://github.com/zxwan96

I do understand that India has a lot of population and you could gain so much followers (this includes this repo stargazers and forkers as well as your profile followers, about their user content, see above, it's in bold), but man - you've got this account just in 2018, and, assuming you've created TBomb instantly after this - it's been even less than 2 years, and you've got 120+ stars already.

Also - if there are so many stargazers, why's activity is just zero? No PRs, just 19 (including this one) issues, kind of suspicious.

That's not how we do on GitHub. Just as this one repo, I've also seen 'commit bot' - these are sort of restricted, aren't they?

[ghost]

Watch it, @TheSpeedX. What do you say about that? I'm not going to dig up your stargazers, but things are all the same out there as well.

[TheSpeedX]

Ok Great I will Help in all way To Github Support

And Those Who Forked They cant change as The code is obfuscated...

How could i say about my Stargazers ?? I Dont really Know Them ...

And TBomb Was A Hell When it was started Man The New TBomb u Are seeing is just 6 month old might be

It Users wish they starred my repo

And This Tool Does not make much issue as its only for debian And i solved every issue

If u want u can dig up the stargazers and see I am not involved in Any Sort of botnet

And i think my tool got Popular Coz Many Youtubers Posted Video About This You can check too xD

And yeah commit-bot was Made By me And its open source So you can See The Code No Illegal Stuff is used there

They Are not actually restricted there is a repo called gitfitti which will draw graffiti in your contribution history...

So i dont actually think commit-bot is restricted .... But if it is I will take it down..

@scpketer Hope That you were Satisfied With my other answers as well

If not comment I am ready To Reply xD Coz i know i am right ( atleast in this case)

[TheSpeedX]

@scpketer

Really Hats Of To Your efforts You Really too a lot of effort by analyzing forks xD

So i am here to answer Any of your question if I can

[ghost]

@TheSpeedX, I have nothing against YouTubers made a video about your tool, that's understandable (but, actually, with the quality of videos on your channel I start to re-think it - man, just look at all of those intros in your videos, they're just awful of being vertical)

However, I just respond at what I see - a lot of empty accounts made for just forking your repo. You do know what forks are for, right? For other people to make changes. But take a look yourself - they ARE EMPTY. No changes.

P.S. Can't call it an effort though - it's so easy to just pick avatar-less accounts and quick-check if they have any activity besides just forking stuff.

[TheSpeedX]

@scpketer I am not talking About videos in my channel ( i know they are junk) but others also uploaded There videos And Blogs also

I am not much of an editor xD That Intro was for Landscape video But I resized To Vertical ;-)

I know what forks are for but i think others dont might be

As U saw there were guys with several other forks But no commits so

I think it might be due to a reason I had Said that i will take down TBomb

So they might have forked it xD ;-)

I really Am ethical man Why would i just Do like empty forks See any other popular repo

you will also find Forks with no contribution

Not all forkers contribute

[ghost]

@TheSpeedX, it would be understandable if it wasn't for all the empty accounts at your profile followers as well as in stars and forks. You see - people are on GitHub for creating stuff or contributing. It's suspicious that people just wander around your repo. Just a few of them have anything except your repository.

[TheSpeedX]

Let the Github Community Check and Verify it

Thanks @scpketer A Lot For submiting for review ;-)

You Helped Me To Maintain The Repo like Some Official ones xD

[ghost]

Official ones don't have fake stargazers and forkers, @TheSpeedX.

[TheSpeedX]

Yup thats why i thanked u @scpketer to help me to take it to notice of github community

And after this it gonna look a bit official as no fake stuff

But i think u are still thinking i made the fake stargazers and fork

Had it been that why should have i left watchers

Any way thanks

[ghost]

Now I see - watchers are damn 90% of those 'avatar-less content-less users'.

[TheSpeedX]

But i dont think they are content less though

Although i have not seen all

[0n1cOn3]

@Scpketer

Im sorry, that i forked my friends repo ">__> I made changes, but they not yet uploaded...

It is not my and SpeedX's Job to check all Watchers and Stargazers. If the community recognize that, is a feedback of course everytime welcome :-D

Even if some stargazers are fake, what can we do?

Sincerly

0n1cOn3

[ghost]

Im sorry, that i forked my friends repo ">__>

Please point out where I've said I have something against people who have forked this repo for reason. Can't find something like that? Me neither.

It is not my and SpeedX's Job to check all Watchers and Stargazers. If the community recognize that, is a feedback of course everytime welcome :-D

Even if some stargazers are fake, what can we do?

For the first, I'm pretty sure this repo's authors are the one and only people that are directly invested into gaining more fame. Sadly, not in a fair way.

For the second, if all these fake profiles are not yours - why didn't you contact support with plain and simple 'hey guys, we've got hella bots over here, mind taking a look?'. Like it's not something that is hard to notice.

[ghost]

Now, thanks to @darkestentropy's bombcrack project - there are so many possibilities far and wide to bring up using the cracked bomb. Stay tuned~

[TheSpeedX]

@scpketer

For the first, I'm pretty sure this repo's authors are the one and only people that are directly invested into gaining more fame. Sadly, not in a fair way.

Bro i think u are pretty much high i mean really high I dont see any of the sense u make Please see #23 and i didnt have much free time like you have to make it gain more fame ...

You can see youtube theres lots of video about TBomb So are those made by me too ad what about the 4 digit unique clones and insight views i get

Are they bot too

And if i could really bot like fooling github for unique clones and unique view i really wont be here wasting time with you

Ahh now i get it , Either you are jealous or you are high

For the second, if all these fake profiles are not yours - why didn't you contact support with plain and simple 'hey guys, we've got hella bots over here, mind taking a look?'. Like it's not something that is hard to notice.

I think you actually did say that you did so i did not care much about it and i am not as free as you are so i did not...

Sorry If I hurted You

[ghost]

Enough. That doesn't seem to have any effect.

[0n1cOn3]

It seems to be that you are opinion Resistant. If you really mean, that those stargazer are fake, you should be wrong.

[ghost]

Y'all should be wrong, including you, 'totally-not-a-twin-acc-of-speedx'.

[0n1cOn3]

Im sorry, but you have seen that i dont have only SpeedX's TBomb Project.

And I can not stand it, if you assert things without having a real proof of it!

[TheSpeedX]

Y'all should be wrong, including you, 'totally-not-a-twin-acc-of-speedx'.

None are wrong i respect darkestentropy as he said me logical and valid stuff unlike you @scpketer

If you argue like this i will actually think that you only made fake accounts and did this stuff to depopularisation . Coz everyone analyzed even the github team

If they also did not find any trouble , why is ut trouble with you?? I guess you did this and blaming me

Enough. That doesn't seem to have any effect.

Lol Just because you dont have any answer... And if i had done wrong i could have even deleted this issue but i know i am right looks like you are wrong here

[0n1cOn3]

Hi @scpketer & @darkestentropy

I have sad news..... And thats why it was obfuscated... Thats the result:

• Due the opening of bomber.py many api's are dying.
• We have seen also many forks where the user has changed the limit to increase the amount of SMS's which will be send.

We also have not seen any other PR's to implement new API's. @TheSpeedX Will give not anymore such an attention on TBomb as before since he has started another TBomb Version in another instances.

I have seen more Projects on Github where you can just grab the compiles version. And those repo doesn't released the source code yet. instead the compiled version get's updated.

[ghost]

Due the opening of bomber.py many api's are dying

First of all, most APIs were already unstable back in August '19 (the first time I've seen TBomb). Second of all, web services tend to update their API from time to time, regardless of being 'exploited'.

We have seen also many forks where the user has changed the limit to increase the amount of SMS's which will be send.

If you didn't want to give the user an ability to increase the amount of sent SMS - you shouldn't have uploaded source code in any disassemblable form.

There is no perfect obfuscation; moreover, as @darkestentropy has proved with their bombcrack, TBomb's obfuscation turned out to be a total failure.

We also have not seen any other PR's to implement new API's.

Congratulations, you've just discovered the true popularity of your tool - don't let all of those stars/forks counters confuse you.

[ghost]

I assume you are original TBomb developer, too - so why you haven't added any new APIs?

[0n1cOn3]

Im a Tester of TBomb. If i would know how to get those strings, i would lovely add them.

[ghost]

From the user's perspective, I can see that it's really hard to understand how to add new APIs. TheSpeedX guy has used os shell calls to curl - and there are not so many people who are really skilled in the command line or curl itself.

I'll be also working on a better API requests system so everyone can add new APIs with Python.

[0n1cOn3]

First of all, most APIs were already unstable back in August '19 (the first time I've seen TBomb). Second of all, web services tend to update their API from time to time, regardless of being 'exploited'.

There was more API's earlier, but they had been updated. But since august (Where this Issue has been open) SpeedX lost the joy to keep it up-to-date.

If you didn't want to give the user an ability to increase the amount of sent SMS - you shouldn't have uploaded source code in any disassemblable form.

Exactly that was the reason WHY bomber.py was obfuscated..... But you and @darkestentropy killed it.

Congratulations, you've just discovered the true popularity of your tool - don't let all of those stars/forks counters confuse you.

What has this Todo ? You already give yourself the answer why nothing happend about the Shell Calls with Curl.

[ghost]

Exactly that was the reason WHY bomber.py was obfuscated

Obfuscation is disassemblable. Web service with all your private code on your side would do a trick.

[0n1cOn3]

But when you have an idea how to implement the API's without to expose them.. Why not a PR :-D

[0n1cOn3]

Obfuscation is disassemblable. Web service with all your private code on your side would do a trick.

Of Course. Check some older PR's which has been denied. You will see there many kiddos which just add or remove some values to increase the Limite of TBomb. And that was also a reason why it was obfuscated.

This two reasons where for the obfuscation. I know, its disassemblable but you have to know how. And ill guess the most users if TBomb can't do it.

[ghost]

Why not a PR

I'm not making a web service for you.

[0n1cOn3]

🤦🏻‍♂️

Why not a PR

I'm not making a web service for you.

🤦🏻‍♂️

[0n1cOn3]

Your talking about implement a better API platform, but would not provide another improvement for secure those API's and Settings. Your indescribably.

[ghost]

TBomb already has it's code open - what is the point to move those APIs to the web service now?

[ghost]

And oh look - somebody even tried to deal with the obfuscation way before the Entropy.

https://issue.life/questions/53640508 (sadly, the source SO page no longer exists)

[0n1cOn3]

And oh look - somebody even tried to deal with the obfuscation way before the Entropy.

https://issue.life/questions/53640508

LOL, potencial malicious software xD

[0n1cOn3]

TBomb already has it's code open - what is the point to move those APIs to the web service now?

Well, at least we could separate the API's from the bomber.py and settle them into another "Project". So it has to been build and could provide more security how this works.