A1 Peer-reviewed original article in a scientific journal

Improving Password Guessing With Isomorphism Modeling




Authors: Yang, Xudong; Xiao, Zhenjia; Wu, Xiaoyu; Xing, Kaiwen; Tang, He; Yang, Tao; Liang, Kaitai; Xiong, Hu

Publisher: IEEE

Publication year: 2025

Journal: IEEE Transactions on Information Forensics and Security

Volume: 20

First page: 11107

Last page: 11119

ISSN: 1556-6013

eISSN: 1556-6021

DOI: https://doi.org/10.1109/TIFS.2025.3616595

Open access status of the publication at the time of recording: Not openly available

Open access status of the publication channel: Partially open publication channel

Web address: https://ieeexplore.ieee.org/document/11187398


Abstract

Passwords remain one of the most widely used forms of authentication in modern systems. However, their inherent predictability, stemming from common user behaviors in password creation, renders password-based authentication vulnerable to guessing attacks. To balance memorability and security, users often construct isomorphic variants of a base password by altering its structure, such as transforming 123abc into 1a2b3c. These variants pose significant challenges to traditional password guessing models. In particular, mainstream approaches such as Markov model and Probabilistic Context-Free Grammar (PCFG) model struggle to capture the structural relationships among these variants. To address this challenge, we propose PassGIN, a password guessing framework based on Graph Isomorphism Networks (GIN). By modeling a password as a graph, PassGIN captures both local adjacency and character rearrangement patterns, enabling the model to distinguish subtle structural differences between base passwords and their isomorphic variants. To further enhance performance, we introduce PassCluster, a dynamic edge-weighting mechanism that leverages adjacency frequencies observed in large-scale password datasets. This allows GIN to more effectively learn structural variations and generate accurate guesses. Extensive experiments on eight real-world datasets demonstrate that PassGIN consistently outperforms state-of-the-art models in both intra-site and cross-site password guessing scenarios, achieving relative improvements of 23.49% and 74.53%, respectively.


Funding information in the publication
This work was supported by the National Key Research and Development Program of China under Grant 2022YFB2701400.


Last updated on 2025-11-12 at 10:19