As a penetration tester in the initial stage of assessing a target organization's external IT infrastructure, you need to gather intelligence on potentially vulnerable Internet-facing services without triggering security alerts. Which of the following tools would effectively enable passive reconnaissance to identify exposed services and devices, including specific versions and configurations, from publicly available information?
Nmap
theHarvester
CeWL
SQLmap