Android Pentesting Toolkit
Transform your rooted device into a full security testing platform

---

Jezail is an all-in-one Android application that runs entirely on your rooted device. It exposes a rich REST API and serves an embedded web interface, accessible from any browser on your network, giving you remote control over device management, system internals, and security tooling without any external dependencies.

Features

Device Control Hardware info, battery, CPU, RAM, storage Screenshot capture & screen mirroring (WebSocket) Clipboard read/write/clear Hardware key simulation System properties & SELinux toggle Environment variables, proxy & DNS config	Application Management List, install, uninstall packages Launch/stop apps with activity options Permissions management (grant/revoke) App ops configuration Debug status, signatures, process info Clear app data and cache
Security Tools Frida server management & auto-install ADB server control & key management Certificate management (system/user) APK download, backup & XAPK install PIN-based auth with Bearer tokens Refrida Web IDE for live instrumentation	System & Monitoring Log buffers (main, kernel, radio, crash, events) Live logcat streaming via WebSocket File system browsing with chmod/chown/chgrp File upload, download & directory zip Process listing & management Web-based terminal (xterm.js)

Quick Start

Prerequisites

• Rooted Android device - Magisk recommended
• For emulators - rootAVD

Install

_{Scan to download from Releases}

adb install -g -r jezail.apk

Launch the app. The HTTP server starts automatically on port 8080.

Access

Endpoint	Description
http://<device-ip>:8080/	Web UI
http://<device-ip>:8080/terminal	Web Terminal
http://<device-ip>:8080/mirror	Screen Mirror
http://<device-ip>:8080/refrida/	Refrida IDE
http://<device-ip>:8080/api/swagger	Swagger Docs
http://<device-ip>:8080/api/json	OpenAPI JSON

Tip

Running on an emulator? Forward the port first: adb forward tcp:8080 tcp:8080 then use localhost:8080

API

Jezail exposes a complete REST API with OpenAPI documentation. Every feature available in the web UI is accessible programmatically.

curl http://<device-ip>:8080/api/device

curl http://<device-ip>:8080/api/device/screenshot -o screen.png

curl http://<device-ip>:8080/api/packages

curl http://<device-ip>:8080/api/frida

Full interactive documentation at /api/swagger.

Screenshots

More screenshots

Contributing

Contributions are welcome. Open an issue or submit a pull request.

About the Name

The Jezail (جزایل) is a handcrafted long-barreled rifle from Afghanistan, renowned in 19th-century warfare for its exceptional range and precision. Its distinctive curved stock allowed marksmen to fire accurately from any position, whether standing, kneeling, or mounted on horseback. In battle, it consistently outranged contemporary military firearms, giving its wielders a decisive tactical advantage.

This toolkit carries the same philosophy: precise, powerful, and effective at a distance, delivering deep system-level control to your Android device from anywhere on the network.

Warning

Jezail is under active development and provided as-is without warranty. It is intended for authorized security testing and educational purposes only. Users assume full responsibility for how they use this toolkit.

License

MIT License - Copyright (c) 2025 Xahid