The salt value is public. You don't have to brute force it. This isn't a "rainbow table"; it's exhausting the secret input to the hash function itself. Your analysis is broken.
Salts are never public. You're assuming that the salt is obtained along with the hash, which may sometimes but not always be true. However, I did understate the usefulness of this method since I was assuming the attacker doesn't have the salt, which often may not be the case.
