diff --git a/flake.lock b/flake.lock index 043fe3a..c3e2e18 100644 --- a/flake.lock +++ b/flake.lock @@ -17,11 +17,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1632639184, - "narHash": "sha256-fRLxre+gPxIkjFVj17O68pyAWU1cxT20XFOiulIWzRw=", + "lastModified": 1633083543, + "narHash": "sha256-thXKms0SvDirYb8/Hw0zqAE1TsuSFWd0y51mSzkPGLU=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "fd8a7fd07da0f3fc0e27575891f45c2f88e5dd44", + "rev": "92609f3d9bc3acffbdbe54fa1c591a885612aa73", "type": "github" }, "original": { @@ -39,11 +39,11 @@ }, "unstable": { "locked": { - "lastModified": 1632411313, - "narHash": "sha256-lekODc44lVo9/0EwGiX6LoEt2KhiPdcfNopealMJ7n4=", + "lastModified": 1633080050, + "narHash": "sha256-T9I2WnlUzAIL70dk9V1jqaYk3nypy/cMkWR19S47ZHc=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "51bcdc4cdaac48535dabf0ad4642a66774c609ed", + "rev": "82155ff501c7622cb2336646bb62f7624261f6d7", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index 053140f..1afa9f1 100644 --- a/flake.nix +++ b/flake.nix @@ -13,6 +13,13 @@ webshells = pkgs.callPackage ./pkgs/webshells { }; weevely = pkgs.callPackage ./pkgs/weevely { }; } + // + { + security-toolbox = pkgs.callPackage ./pkgs/security-toolbox { + pkgs = pkgs // self.packages.${pkgs.system}; + unstable = unstable.legacyPackages.${pkgs.system}; + }; + } // (if pkgs.system != "x86_64-linux" then { } else { binaryninja = pkgs.callPackage ./pkgs/binary-ninja-personal { }; diff --git a/lib/hosts.nix b/lib/hosts.nix index 6f4438b..58105a6 100644 --- a/lib/hosts.nix +++ b/lib/hosts.nix @@ -1,4 +1,4 @@ -{ path, nixosModule, unstable, ... }@inputs: +{ path, nixosModule, ... }@inputs: let hostMetadata = builtins.mapAttrs @@ -13,16 +13,6 @@ let (nixosModule) (hostMeta.module) (_: { networking.hostName = hostName; }) - (_: { - nixpkgs.overlays = [ - (_: _: { - unstable = import unstable { - inherit (hostMeta) system; - config.allowUnfree = true; - }; - }) - ]; - }) ]; }; 
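Review bot: In the flake.nix hunk, `pkgs = pkgs // self.packages.${pkgs.system};` merges every flake-local package over nixpkgs, so a local attribute whose name matches a nixpkgs one silently replaces it for everything the toolbox pulls in through `with pkgs;`. Judging by the package list in pkgs/security-toolbox/default.nix, only `webshells` and `weevely` appear to come from the flake. Passing them explicitly keeps the origin of each tool visible: `pkgs = pkgs // { inherit (self.packages.${pkgs.system}) webshells weevely; };`. The surrounding attribute set starts and ends outside the hunk.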
diff --git a/modules/security-tools.nix b/modules/security-tools.nix index 96f3107..030a4ad 100644 --- a/modules/security-tools.nix +++ b/modules/security-tools.nix @@ -3,56 +3,12 @@ let cfg = config.sconfig.security-tools; - proxybrowser = pkgs.writeShellScriptBin "proxybrowser" '' - exec ${pkgs.ungoogled-chromium}/bin/chromium \ - --disable-background-networking \ - --disable-default-apps \ - --disable-plugins-discovery \ - --disk-cache-size=0 \ - --ignore-certificate-errors \ - --no-default-browser-check \ - --no-experiments \ - --no-first-run \ - --no-pings \ - --no-service-autorun \ - --user-data-dir="$HOME/.proxybrowser" \ - --proxy-server="localhost:8080" \ - --proxy-bypass-list='<-loopback>' - ''; - in { options.sconfig.security-tools = lib.mkEnableOption "Enable security tools"; config = lib.mkIf cfg { - environment.systemPackages = with pkgs; [ - binutils - bridge-utils - burpsuite - dhcpdump - dirb - exiftool - gef - ghidra-bin - gobuster - iptables-nftables-compat - macchanger - masscan - metasploit - net-snmp - nmap - openvpn - proxybrowser - remmina - socat - thc-hydra - webshells - weevely - wfuzz - - unstable.exploitdb - unstable.postman - ]; + environment.systemPackages = [ pkgs.security-toolbox ]; programs = { wireshark.enable = true; diff --git a/pkgs/security-toolbox/default.nix b/pkgs/security-toolbox/default.nix new file mode 100644 index 0000000..b26d6eb --- /dev/null +++ b/pkgs/security-toolbox/default.nix 
@@ -0,0 +1,54 @@
+{ pkgs, unstable }:
+let
+
+ proxybrowser = pkgs.writeShellScriptBin "proxybrowser" ''
+ exec ${pkgs.ungoogled-chromium}/bin/chromium \
+ --disable-background-networking \
+ --disable-default-apps \
+ --disable-plugins-discovery \
+ --disk-cache-size=0 \
+ --ignore-certificate-errors \
+ --no-default-browser-check \
+ --no-experiments \
+ --no-first-run \
+ --no-pings \
+ --no-service-autorun \
+ --user-data-dir="$HOME/.proxybrowser" \
+ --proxy-server="localhost:8080" \
+ --proxy-bypass-list='<-loopback>'
+ '';
+
+in
+pkgs.symlinkJoin {
+ name = "security-toolbox";
+ paths = with pkgs;
+ [
+ binutils
+ bridge-utils
+ dhcpdump
+ dirb
+ exiftool
+ gef
+ ghidra-bin
+ gobuster
+ iptables-nftables-compat
+ macchanger
+ masscan
+ net-snmp
+ nmap
+ openvpn
+ proxybrowser
+ remmina
+ socat
+ thc-hydra
+ webshells
+ weevely
+ wfuzz
+
+ unstable.exploitdb
+ unstable.metasploit
+
+ (burpsuite.overrideAttrs (_: { meta = { }; }))
+ (unstable.postman.overrideAttrs (_: { meta = { }; }))
+ ];
+}
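Review bot: Blanking `meta` on `burpsuite` and `unstable.postman` in the last two `paths` entries discards more than the unfree licence flag. nixpkgs reads `meta.knownVulnerabilities`, `meta.broken` and the platform list from the same set, so these two packages would presumably also stop being refused if they are later marked insecure. Keeping `meta` intact and allowing just these names where nixpkgs is imported (outside this hunk) is narrower, e.g. `config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [ "burpsuite" "postman" ];`. Separately, a short comment above `--ignore-certificate-errors` should say that the wrapper turns off TLS validation and is meant only for traffic sent through the local intercepting proxy.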