First off, you would have to have the brute force program be able to recognize a decrypted wallet file. Can't just brute-force all willy-nilly. Second, if you manage 1000 guesses per second, if you utilize numbers and letters, you're looking at about 1.55 million centuries. Let's not get special characters involved. Supposing your friend uses the same password for multiple things, your best bet would be to compile a list of all of those passwords and a few variations to try. From there, have the bruteforcer vary each character in each password to see if one was fat-fingered. Then, try adding letters in somewhere.
You do know that you can probably exclude low-character counts so that will be of some assistance. But take it from someone that knows; you won't find it by trying every variation possible in anything less than 1.55 years with one hell of an array.
This site will demonstrate for you just how long and how big of an array you would need to retrieve their wallet password:
https://www.grc.com/haystack.htmHope this helps.