So, I need tips.

I'm currently using firewalk, scanrand, nmap, and w3af to audit a website, but have turned up empty handed. I believe that this website has a government-grade security penetration test done against it every year or three. It has more than a hundred thousand users. It is well secured, but not THAT well secured.

Can anyone give me tips on finding anything remotely vulnerable on the target website? I can give a list of almost every single utility they use on their webservers, from Apache to their search bar version.