No matter if you do an internal, external, AD or even web application test you might need to generate password lists in order to try some brute forcing.
This can be done with wordlist-extractor in burp.