Add content from: Jezail: Rooted Android Pentesting Toolkit exposing a REST AP...

Author: HackTricks News Bot

src/mobile-pentesting/android-app-pentesting/README.md

@@ -56,6 +56,13 @@ java -jar ../APKEditor.jar m -i splits/ -o merged.apk
 java -jar uber-apk-signer.jar -a merged.apk --allowResign -o merged_signed
 ```
 
+## Jezail rooted Android pentesting toolkit (REST API + web UI)
+
+- Runs on a **rooted device** (Magisk/rootAVD) and starts an **HTTP server on tcp/8080** with a **Flutter web UI** and **REST API**.
+- Install the release APK with perms: `adb install -g -r jezail.apk`, then launch the app (server auto-starts).
+- Endpoints: `http://<device-ip>:8080/` (UI), `http://<device-ip>:8080/api/json` (API listing), `http://<device-ip>:8080/api/swagger` (Swagger).
+- Emulator port-forward to reach UI/API from the host: `adb forward tcp:8080 tcp:8080` then browse `http://localhost:8080`.
+
 ## Android Enterprise & Work Profile Attacks
 
 {{#ref}}
@@ -891,5 +898,6 @@ AndroL4b is an Android security virtual machine based on ubuntu-mate includes th
 - [smali-sslpin-patterns](https://github.com/aancw/smali-sslpin-patterns)
 - [Build a Repeatable Android Bug Bounty Lab: Emulator vs Magisk, Burp, Frida, and Medusa](https://www.yeswehack.com/learn-bug-bounty/android-lab-mobile-hacking-tools)
 - [CoRPhone — Android in-memory JNI execution and packaging pipeline](https://github.com/0xdevil/corphone)
+- [Jezail rooted Android pentesting toolkit (REST API + Flutter UI)](https://github.com/zahidaz/jezail)
 
 {{#include ../../banners/hacktricks-training.md}}