If the OP's friend knows their passphrase is one of a dozen or so possibilities, the setup/reading the documentation for something like btcrecover may take longer than using iancoleman's tool.
It is the proper way to do it, though. If they don't know the passphrase, they can't be really trying a different password each time, even for a dozen of times. Let alone if the password is a long one which increases the odds of having few characters forgotten.
You'll most likely end up on brute forcing with btcrecover, so why not just do it in the first place?