creating wordlist or not, what attack to use?

[atom]

I'd recommend you start learning how those attack-modes work. You can use --stdout to see which password candidates are generated. You can also save those outputs to file using a redirection and then reuse that result as input wordlist for your next attack. That way you should be able to combine different attack-modes as you want. But there is generally no GUI one-click solution, it's real work.