In security terms password width isn't the length of the password, it's the character set size used by a single password.
A simple script to run Hashcat with the largest reasonable width working up from a single character to whatever length is computationally feasible would work. Assume a set comprising upper and lower case, numbers and basic symbols to encompass the usual suspects.
The best bet by a mile though is, assuming the password isn't random, and if it is it's likely too long to brute force, a dictionary and manipulations attack. Unless the password is short and/or narrow brute force isn't going to work.
Password length is length, width the character set used, which alongside length provides resilience against brute force, password depth provides resilience against dictionary attacks by avoiding common combinations of characters.
Hope this helps explain.