#1 is using brutus illegal
Only if you use it on other people's systems without their authorisation. But you wouldn't be wanting to do that, right?

#2 I want to reveal a password I forgot on my website/email
That isn't a question, that's a statement

#3 when i use brutus it only gives me the wrong password or a password from the top of my possible pass list
That doesn't make sense either.

Seeing as it's your own system or you have permission from the admin, why don't you just go in and reset it?

If you're trying a security test on your own webmail system, be sure to tell the sysadmin that's what your doing otherwise you may create excessive load and/or trigger IDS rules on the system.

I'd recommend using it only out of hours on a non-production (for instance, internal development) system.

Using a password brute-forcer on a production or external system is likely to:

1. Trigger off IDS rules
2. Trigger automatic detection lockout (most large systems have this)
3. Create a lot of load on the client, server and the network
4. Really, really piss people off.
5. Oh yes, and you might get arrested and put in prison.